Lucene search
K

482 matches found

OSV
OSV
added 2023/08/01 2:15 p.m.9 views

CVE-2023-39108

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the pathb parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...

8.8CVSS5.9AI score0.02965EPSS
Exploits1References1
NVD
NVD
added 2023/08/01 2:15 p.m.16 views

CVE-2023-39110

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...

8.8CVSS8.8AI score0.02746EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/08/01 2:15 p.m.5 views

CVE-2023-39110

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...

8.8CVSS7.5AI score0.02746EPSS
Exploits1References3
OSV
OSV
added 2023/08/01 2:15 p.m.3 views

CVE-2023-39109

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...

8.8CVSS5.9AI score0.02965EPSS
Exploits1References1
NVD
NVD
added 2023/08/01 2:15 p.m.18 views

CVE-2023-39109

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...

8.8CVSS8.8AI score0.02965EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/08/01 2:15 p.m.2 views

CVE-2023-39108

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the pathb parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...

8.8CVSS7.5AI score0.02965EPSS
Exploits1References3
Prion
Prion
added 2023/08/01 2:15 p.m.18 views

Server side request forgery (ssrf)

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...

6.5CVSS8.7AI score0.02746EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/08/01 2:15 p.m.13 views

Server side request forgery (ssrf)

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the pathb parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...

6.5CVSS8.7AI score0.02965EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/08/01 12:0 a.m.17 views

CVE-2023-39109

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...

9AI score0.02965EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/08/01 12:0 a.m.12 views

CVE-2023-39109

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...

7.5AI score0.02965EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/08/01 12:0 a.m.5 views

PT-2023-26784 · Rconfig · Rconfig

Name of the Vulnerable Software and Affected Versions: rconfig version 3.9.4 Description: The issue allows authenticated attackers to make arbitrary requests via injection of crafted URLs, exploiting a Server-Side Request Forgery SSRF vulnerability. This is achieved through the path b parameter i...

8.8CVSS8.7AI score0.02965EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/08/01 12:0 a.m.11 views

CVE-2023-39108

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the pathb parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...

7.5AI score0.02965EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/08/01 12:0 a.m.3 views

rConfig Code Issue Vulnerability

rConfig is an open source network configuration management utility. A security vulnerability exists in rConfig v3.9.4, which stems from a pathb parameter in the doDiff function of /classes/compareClass.php that contains server-side request forgery SSRF, which allows an authenticated attacker to...

8.8CVSS6.8AI score0.02965EPSS
Exploits1References2
CVE
CVE
added 2023/08/01 12:0 a.m.49 views

CVE-2023-39110

The v3.9.4 release of rConfig is affected by a Server-Side Request Forgery (SSRF) in the path parameter of /ajaxGetFileByPath.php. An authenticated attacker can inject crafted URLs to cause arbitrary requests, potentially reading local files or accessing internal network resources. The impact is ...

8.8CVSS8.7AI score0.02746EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/08/01 12:0 a.m.3 views

rConfig Code Issue Vulnerability

rConfig is an open source network configuration management utility. A security vulnerability exists in rConfig v3.9.4, which stems from a pathb parameter in the doDiff function of /classes/compareClass.php that contains server-side request forgery SSRF, which allows an authenticated attacker to...

8.8CVSS6.8AI score0.02965EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/08/01 12:0 a.m.18 views

CVE-2023-39110

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...

9AI score0.02746EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/08/01 12:0 a.m.7 views

CVE-2023-39110

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...

7.5AI score0.02746EPSS
Exploits1References1
CVE
CVE
added 2023/08/01 12:0 a.m.53 views

CVE-2023-39109

CVE-2023-39109 : Multiple sources confirm a Server-Side Request Forgery (SSRF) in rConfig v3.9.4, via the path_a parameter in the doDiff function of /classes/compareClass.php. This allows authenticated attackers to cause the server to fetch arbitrary URLs, including potentially internal resources...

8.8CVSS8.7AI score0.02965EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/08/01 12:0 a.m.56 views

CVE-2023-39108

The CVE-2023-39108 entry concerns rconfig v3.9.4, where a Server-Side Request Forgery (SSRF) flaw exists in the path_b parameter of the doDiff function in /classes/compareClass.php. The authenticated attacker can cause the server to fetch arbitrary URLs by injecting crafted URLs, with potential a...

8.8CVSS8.7AI score0.02965EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/08/01 12:0 a.m.16 views

CVE-2023-39108

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the pathb parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...

9AI score0.02965EPSS
Exploits1References1
Rows per page
Query Builder