5 matches found
CVE-2020-10547
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices...
rConfig SQL Injection (CVE-2020-10546; CVE-2020-10547; CVE-2020-10548; CVE-2020-10549)
An SQL injection vulnerability exists in rConfig. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
rConfig <= 3.9.4 Multiple SQL Injection Vulnerabilities
rConfig is prone to multiple SQL injection vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
CVE-2020-10547
Affected software: rConfig (3.9.4 and earlier). Root cause: unauthenticated SQL injection in compliancepolicyelements.inc.php; vulnerability stems from plaintext storage of node passwords by default. Impact: allows execution of arbitrary SQL queries and lateral movement to gain access to monitore...
CVE-2020-10547
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes’ passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. Recent assessments: thegul...