4 matches found
rConfig < 3.9.5 RCE Vulnerability
rConfig is prone to an authenticated remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2020-10879
CVE-2020-10879 affects rConfig before 3.9.5. The root cause is that the nodeId parameter is passed directly to exec in lib/crud/search.crud.php without escaping, enabling remote command execution. Public exploit references exist (e.g., Exploit-DB) and OpenVAS notes describe authenticated RCE. Imp...
rConfig 3.9.4 - search.crud.php Remote Command Injection
rConfig 3.9.4 - search.crud.php Remote Command Injection Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Date: 2020-03-21 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link:...
rConfig 3.9.4 - 'search.crud.php' Remote Command Injection
Exploit Title: rConfig 3.9.4 - 'search.crud.php' Remote Command Injection Date: 2020-03-21 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.4.zip Version: rConfig 3.9.4 Tested on: Cent OS 7 1908...