Lucene search
+L

21 matches found

redhatcve
redhatcve
added 2026/01/09 9:54 a.m.10 views

CVE-2020-23148

The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request...

7.5CVSS6.7AI score0.01623EPSS
Exploits1References1
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-15903

Malware in sbrugna...

7.5CVSS7.6AI score0.01558EPSS
Exploits1References2
redhatcve
redhatcve
added 2025/05/22 4:24 p.m.5 views

CVE-2020-15715

rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter...

9.9CVSS7.6AI score0.04202EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/22 3:51 p.m.7 views

CVE-2020-23150

A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php...

7.5CVSS7.4AI score0.01558EPSS
Exploits1
nvd
nvd
added 2021/08/20 7:15 p.m.13 views

CVE-2020-25353

A server-side request forgery SSRF vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the deviceIpAddr and connPort parameters...

6.5CVSS0.00988EPSS
Exploits1References1
nvd
nvd
added 2021/08/20 7:15 p.m.16 views

CVE-2020-25359

An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext parameter and delet...

9.1CVSS0.0225EPSS
Exploits1References2
cve
cve
added 2021/08/20 6:10 p.m.64 views

CVE-2020-25359

The CVE-2020-25359 issue affects rConfig 3.9.5 and is fixed in 3.9.6. An attacker can delete arbitrary files by crafting a request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php, supplying a path in the path parameter and an extension in the ext parameter to delete all files with that extensi...

9.1CVSS9AI score0.0225EPSS
Exploits1References2Affected Software1
nvd
nvd
added 2021/08/09 11:15 p.m.18 views

CVE-2020-23149

The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information...

7.5CVSS0.01353EPSS
Exploits1References1
nvd
nvd
added 2021/08/09 11:15 p.m.29 views

CVE-2020-23148

The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request...

7.5CVSS0.01623EPSS
Exploits1References2
prion
prion
added 2021/08/09 11:15 p.m.22 views

Sql injection

The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information...

5CVSS7.8AI score0.01353EPSS
Exploits1References1Affected Software1
prion
prion
added 2021/08/09 11:15 p.m.16 views

Design/Logic Flaw

The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request...

5CVSS7.4AI score0.01623EPSS
Exploits1References2Affected Software1
prion
prion
added 2021/08/09 11:15 p.m.13 views

Sql injection

A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php...

5CVSS7.6AI score0.01558EPSS
Exploits1References1Affected Software1
cve
cve
added 2021/08/09 10:54 p.m.59 views

CVE-2020-23151

CVE-2020-23151 concerns rConfig 3.9.5, where a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php can trigger command injection because the path parameter is passed directly to exec without escaping. Multiple sources (Red Hat, NVD, CNNVD, PRION, OpenVAS, CVE list) corroborate this singl...

9.8CVSS9.6AI score0.05718EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2021/08/09 10:54 p.m.26 views

CVE-2020-23150

A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php...

8.1AI score0.01558EPSS
Exploits1References1
cve
cve
added 2021/08/09 10:54 p.m.57 views

CVE-2020-23150

CVE-2020-23150 concerns rConfig 3.9.5. Concrete details in the connected docs show a SQL injection vulnerability in config.inc.php that can be exploited by sending a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php to access sensitive database information. Affected software: rCon...

7.5CVSS7.7AI score0.01558EPSS
Exploits1References1Affected Software1
cve
cve
added 2021/08/09 10:54 p.m.65 views

CVE-2020-23148

CVE-2020-23148 affects rConfig 3.9.5 via a vulnerability in the LDAP login path. The issue is the unsanitized userLogin parameter in ldap/login.php , which can lead to a LDAP injection and potential exposure of sensitive information through a crafted POST request. Public references consistently d...

7.5CVSS7.8AI score0.01623EPSS
Exploits1References2Affected Software1
osv
osv
added 2020/07/28 2:15 p.m.5 views

CVE-2020-15714

rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the customLocation parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database...

8.8CVSS7.3AI score0.02791EPSS
Exploits0References2
nvd
nvd
added 2020/07/28 2:15 p.m.11 views

CVE-2020-15715

rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter...

9.9CVSS9.4AI score0.04202EPSS
Exploits0References2
prion
prion
added 2020/07/28 2:15 p.m.18 views

Code injection

rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter...

6.5CVSS9.3AI score0.04202EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2020/07/28 1:4 p.m.16 views

CVE-2020-15715

rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter...

9.5AI score0.04202EPSS
Exploits0References2
Rows per page
Query Builder