482 matches found
CVE-2023-39108
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the pathb parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39110
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39110
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39109
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39109
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39108
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the pathb parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
Server side request forgery (ssrf)
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
Server side request forgery (ssrf)
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the pathb parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39109
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39109
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
PT-2023-26784 · Rconfig · Rconfig
Name of the Vulnerable Software and Affected Versions: rconfig version 3.9.4 Description: The issue allows authenticated attackers to make arbitrary requests via injection of crafted URLs, exploiting a Server-Side Request Forgery SSRF vulnerability. This is achieved through the path b parameter i...
CVE-2023-39108
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the pathb parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
rConfig Code Issue Vulnerability
rConfig is an open source network configuration management utility. A security vulnerability exists in rConfig v3.9.4, which stems from a pathb parameter in the doDiff function of /classes/compareClass.php that contains server-side request forgery SSRF, which allows an authenticated attacker to...
CVE-2023-39110
The v3.9.4 release of rConfig is affected by a Server-Side Request Forgery (SSRF) in the path parameter of /ajaxGetFileByPath.php. An authenticated attacker can inject crafted URLs to cause arbitrary requests, potentially reading local files or accessing internal network resources. The impact is ...
rConfig Code Issue Vulnerability
rConfig is an open source network configuration management utility. A security vulnerability exists in rConfig v3.9.4, which stems from a pathb parameter in the doDiff function of /classes/compareClass.php that contains server-side request forgery SSRF, which allows an authenticated attacker to...
CVE-2023-39110
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39110
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39109
CVE-2023-39109 : Multiple sources confirm a Server-Side Request Forgery (SSRF) in rConfig v3.9.4, via the path_a parameter in the doDiff function of /classes/compareClass.php. This allows authenticated attackers to cause the server to fetch arbitrary URLs, including potentially internal resources...
CVE-2023-39108
The CVE-2023-39108 entry concerns rconfig v3.9.4, where a Server-Side Request Forgery (SSRF) flaw exists in the path_b parameter of the doDiff function in /classes/compareClass.php. The authenticated attacker can cause the server to fetch arbitrary URLs by injecting crafted URLs, with potential a...
CVE-2023-39108
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the pathb parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...