16 matches found
EUVD-2020-19976
Malware in sbrugna...
EUVD-2021-15650
Malware in sbrugna...
CVE-2022-44384
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2021-29006
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server...
Arbitrary file deletion
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server...
CVE-2021-29006
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server...
CVE-2020-27466
An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file...
Arbitrary file deletion
An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file...
CVE-2020-27466
CVE-2020-27466 affects rConfig 3.9.6. The vulnerability is in lib/AjaxHandlers/ajaxEditTemplate.php and is described as an arbitrary file write that allows an attacker to execute arbitrary code via a crafted file. Publicly available connected documents corroborate this as the core issue; however,...
CVE-2020-27466
An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file...
CVE-2020-27464
CVE-2020-27464 affects rConfig versions up to 3.9.6, where an insecure update feature in the /updater.php component allows an attacker to execute arbitrary code through a specially crafted ZIP file. Documents consistently describe the vulnerability as an update mechanism issue leading to code exe...
CVE-2020-27464
An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file...
CVE-2020-25359
An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext parameter and delet...
CVE-2020-25352
A stored cross-site scripting XSS vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary Javascript execution through entering a crafted payload into the 'Model' field then saving...
rConfig Vendors Auth File Upload RCE
This module allows an attacker with a privileged rConfig account to start a reverse shell due to an arbitrary file upload vulnerability in /lib/crud/vendors.crud.php. Then, the uploaded payload can be triggered by a call to images/vendor/.php Module Options msf use...
rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) (1)
Exploit Title: rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution Authenticated 1 Date: 2021-03-17 Exploit Author: Murat ŞEKER Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.6.zip Version: rConfig v3.9.6 Install scripts :...