5 matches found
CVE-2023-39110
rConfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39110
The v3.9.4 release of rConfig is affected by a Server-Side Request Forgery (SSRF) in the path parameter of /ajaxGetFileByPath.php. An authenticated attacker can inject crafted URLs to cause arbitrary requests, potentially reading local files or accessing internal network resources. The impact is ...
CVE-2023-39110
rConfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
rConfig 3.9.6 Local File Inclusion
Exploit Title: rConfig 3.9.6 - 'path' Local File Inclusion (Authenticated); Date: 2021-03-12; Exploit Author: 5a65726f; Vendor Homepage: https://www.rconfig.com; Software Link: https://www.rconfig.com/downloads/rconfig-3.9.6.zip; Version: rConfig v3.9.6; Install scripts :...
CVE-2020-15712
rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal-encoded "dot dot" sequences (%2f..%2f) in the path parameter to view arbitrary files on the system...