4 matches found
rConfig Operating System Command Injection Vulnerability
rConfig is an open source network configuration management utility program. An operating system command injection vulnerability exists in rConfig version 3.9.5, which stems from the rConfig path parameter being passed directly to the exec function without being escaped. The vulnerability can be...
VulnCheck KEV: CVE-2019-19509
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...
Command injection
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution...
PT-2019-4524 · Rconfig · Rconfig
Name of the Vulnerable Software and Affected Versions: rConfig version 3.9.3
Description: The issue is related to errors in handling HTTP requests in the ajaxArchiveFiles.php component of the rConfig utility for managing network device configurations. Exploitation of this issue may allow a remote...