2 matches found
CVE-2023-39110
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39110
The v3.9.4 release of rConfig is affected by a Server-Side Request Forgery (SSRF) in the path parameter of /ajaxGetFileByPath.php. An authenticated attacker can inject crafted URLs to cause arbitrary requests, potentially reading local files or accessing internal network resources. The impact is ...