9 matches found
rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution
rConfig 3.9.4 - searchField Unauthenticated Root Remote Code Execution Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 +...
rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution
Exploit Title: rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution Exploit Author: vikingfr Greetz : Orange Cyberdefense - team CSR-SO https://cyberdefense.orange.com Date: 2020-03-12 CVE-2019-19509 + CVE-2019-19585 + CVE-2020-10220 Exploit link :...
Rconfig 3.x Chained Remote Code Execution Exploit
This Metasploit module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the payload. Valid credentials for a user with administrative privileges are required . However, this modul...
Rconfig 3.x - Chained Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rconfig 3.x Chained Remote Code Execution', 'Description' = ' This module exploits multiple vulnerabilities in rConfig version 3.9 in order to...
CVE-2020-10220
creationtimestamp| type| source ---|---|--- 2020-03-16 11:28:40+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/rconfigajaxarchivefilesrce.rb 2020-03-17 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/48223 2024-10-10...
Rconfig 3.x Chained Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Rconfig 3.x Chained Remote Code Execution', 'Description' = ' This module exploits multiple vulnerabilities in rConfig version 3.9 in order to...
rConfig 3.9 - searchColumn SQL Injection
rConfig 3.9 - searchColumn SQL Injection Exploit Title: rConfig 3.9 - 'searchColumn' SQL Injection Exploit Author: vikingfr Date: 2020-03-03 CVE-2020-10220 Exploit link : https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfigCVE-2020-10220.py Vendor Homepage: https://rconfig.com/ see al...
rConfig 3.9 - (searchColumn) SQL Injection Exploit
Exploit for php platform in category web applications Exploit Title: rConfig 3.9 - 'searchColumn' SQL Injection Exploit Author: vikingfr CVE-2020-10220 Exploit link : https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfigCVE-2020-10220.py Vendor Homepage: https://rconfig.com/ see also :...
CVE-2020-10220
CVE-2020-10220 affects rConfig up to v3.9.4, with a SQL injection in the web interface via commands.inc.php searchColumn that can lead to unauthenticated remote code execution. Multiple public exploits (e.g., rConfig 3.9.x) demonstrate chaining SQLi to create an admin user and then trigger a file...