13 matches found
CVE-2023-39108
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the pathb parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39109
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39110
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
Server side request forgery (ssrf)
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the pathb parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
Server side request forgery (ssrf)
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39109
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39109
CVE-2023-39109 : Multiple sources confirm a Server-Side Request Forgery (SSRF) in rConfig v3.9.4, via the path_a parameter in the doDiff function of /classes/compareClass.php. This allows authenticated attackers to cause the server to fetch arbitrary URLs, including potentially internal resources...
CVE-2023-39108
The CVE-2023-39108 entry concerns rconfig v3.9.4, where a Server-Side Request Forgery (SSRF) flaw exists in the path_b parameter of the doDiff function in /classes/compareClass.php. The authenticated attacker can cause the server to fetch arbitrary URLs by injecting crafted URLs, with potential a...
CVE-2023-39110
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39108
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the pathb parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39110
The v3.9.4 release of rConfig is affected by a Server-Side Request Forgery (SSRF) in the path parameter of /ajaxGetFileByPath.php. An authenticated attacker can inject crafted URLs to cause arbitrary requests, potentially reading local files or accessing internal network resources. The impact is ...
CVE-2023-39110
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...
CVE-2023-39109
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs...