11 matches found
CVE-2023-39109
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39109
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39109
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39109
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
Server side request forgery (ssrf)
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the pathb parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
rConfig Code Issue Vulnerability
rConfig is an open source network configuration management utility. A security vulnerability exists in rConfig v3.9.4, which stems from a pathb parameter in the doDiff function of /classes/compareClass.php that contains server-side request forgery SSRF, which allows an authenticated attacker to...
rConfig Code Issue Vulnerability
rConfig is an open source network configuration management utility. A security vulnerability exists in rConfig v3.9.4, which stems from a pathb parameter in the doDiff function of /classes/compareClass.php that contains server-side request forgery SSRF, which allows an authenticated attacker to...
CVE-2023-39108
The CVE-2023-39108 entry concerns rconfig v3.9.4, where a Server-Side Request Forgery (SSRF) flaw exists in the path_b parameter of the doDiff function in /classes/compareClass.php. The authenticated attacker can cause the server to fetch arbitrary URLs by injecting crafted URLs, with potential a...
CVE-2023-39108
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the pathb parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39109
CVE-2023-39109 : Multiple sources confirm a Server-Side Request Forgery (SSRF) in rConfig v3.9.4, via the path_a parameter in the doDiff function of /classes/compareClass.php. This allows authenticated attackers to cause the server to fetch arbitrary URLs, including potentially internal resources...
PT-2023-26784 · Rconfig · Rconfig
Name of the Vulnerable Software and Affected Versions: rconfig version 3.9.4 Description: The issue allows authenticated attackers to make arbitrary requests via injection of crafted URLs, exploiting a Server-Side Request Forgery SSRF vulnerability. This is achieved through the path b parameter i...