Lucene search
+L

9 matches found

exploitpack
exploitpack
added 2020/03/27 12:0 a.m.178 views

rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution

rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 +...

9CVSS0.6AI score0.99683EPSS
Exploits20
Exploit DB
Exploit DB
added 2020/03/27 12:0 a.m.232 views

rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution

Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 + CVE-2019-19585 + CVE-2020-10220 Exploit link :...

9.8CVSS8.8AI score0.99683EPSS
Exploits20
0day.today
0day.today
added 2020/03/17 12:0 a.m.314 views

Rconfig 3.x Chained Remote Code Execution Exploit

This Metasploit module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the payload. Valid credentials for a user with administrative privileges are required . However, this modul...

9.8CVSS1.4AI score0.99683EPSS
Exploits20
Exploit DB
Exploit DB
added 2020/03/17 12:0 a.m.298 views

Rconfig 3.x - Chained Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rconfig 3.x Chained Remote Code Execution', 'Description' = ' This module exploits multiple vulnerabilities in rConfig version 3.9 in order to...

8.8AI score
Exploits0
Circl
Circl
added 2020/03/16 11:28 a.m.18 views

CVE-2020-10220

creationtimestamp| type| source ---|---|--- 2020-03-16 11:28:40+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/rconfigajaxarchivefilesrce.rb 2020-03-17 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/48223 2024-10-10...

9.8CVSS8.5AI score0.99683EPSS
Exploits14References3
Packet Storm
Packet Storm
added 2020/03/16 12:0 a.m.147 views

Rconfig 3.x Chained Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rconfig 3.x Chained Remote Code Execution', 'Description' = ' This module exploits multiple vulnerabilities in rConfig version 3.9 in order to...

9CVSS0.99683EPSS
Exploits20
exploitpack
exploitpack
added 2020/03/12 12:0 a.m.123 views

rConfig 3.9 - searchColumn SQL Injection

rConfig 3.9 - searchColumn SQL Injection Exploit Title: rConfig 3.9 - 'searchColumn' SQL Injection Exploit Author: vikingfr Date: 2020-03-03 CVE-2020-10220 Exploit link : https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfigCVE-2020-10220.py Vendor Homepage: https://rconfig.com/ see al...

7.5CVSS9.7AI score0.99683EPSS
Exploits14
0day.today
0day.today
added 2020/03/12 12:0 a.m.145 views

rConfig 3.9 - (searchColumn) SQL Injection Exploit

Exploit for php platform in category web applications Exploit Title: rConfig 3.9 - 'searchColumn' SQL Injection Exploit Author: vikingfr CVE-2020-10220 Exploit link : https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfigCVE-2020-10220.py Vendor Homepage: https://rconfig.com/ see also :...

7.5CVSS9.3AI score0.99683EPSS
Exploits14
CVE
CVE
added 2020/03/07 10:37 p.m.300 views

CVE-2020-10220

CVE-2020-10220 affects rConfig up to v3.9.4, with a SQL injection in the web interface via commands.inc.php searchColumn that can lead to unauthenticated remote code execution. Multiple public exploits (e.g., rConfig 3.9.x) demonstrate chaining SQLi to create an admin user and then trigger a file...

9.8CVSS9.3AI score0.99683EPSS
Exploits14References5Affected Software1
Rows per page
Query Builder