rConfig SQL Injection Vulnerability (CNVD-2021-61756)

rConfig is an open source network device configuration management utility. rConfig version 3.9.5 is vulnerable to a SQL injection vulnerability that stems from an unvalidated dbName parameter in ajaxDbInstall.php, which can be exploited by attackers to access sensitive database information...

CVE-2020-23149

The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information...

Sql injection

The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information...

Sql injection

A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php...

CVE-2020-23150

A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php...

CVE-2020-23149

CVE-2020-23149 affects rConfig 3.9.5. The vulnerability arises from the dbName parameter in ajaxDbInstall.php being unsanitized, enabling SQL injection to access sensitive database information. Multiple connected records (NVD, CNVD, Red Hat, CNVD, PRION, OpenVAS, etc.) corroborate the same root c...