Vulnerabilities (CVE)

Filtered by vendor Rconfig Subscribe
Total 44 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15715 1 Rconfig 1 Rconfig 2024-11-21 6.5 MEDIUM 9.9 CRITICAL
rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter.
CVE-2020-15714 1 Rconfig 1 Rconfig 2024-11-21 6.5 MEDIUM 8.8 HIGH
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.
CVE-2020-15713 1 Rconfig 1 Rconfig 2024-11-21 6.5 MEDIUM 8.8 HIGH
rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.
CVE-2020-15712 1 Rconfig 1 Rconfig 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences (%2f..%2f) in the path parameter to view arbitrary files on the system.
CVE-2020-13778 1 Rconfig 1 Rconfig 2024-11-21 9.0 HIGH 8.8 HIGH
rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.
CVE-2020-13638 1 Rconfig 1 Rconfig 2024-11-21 7.5 HIGH 9.8 CRITICAL
lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.
CVE-2020-12259 1 Rconfig 1 Rconfig 2024-11-21 3.5 LOW 5.4 MEDIUM
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php.
CVE-2020-12258 1 Rconfig 1 Rconfig 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259.
CVE-2020-12257 1 Rconfig 1 Rconfig 2024-11-21 6.8 MEDIUM 8.8 HIGH
rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form (add a user, delete a user, or edit a user).
CVE-2020-12256 1 Rconfig 1 Rconfig 2024-11-21 3.5 LOW 5.4 MEDIUM
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php.
CVE-2020-12255 1 Rconfig 1 Rconfig 2024-11-21 6.5 MEDIUM 8.8 HIGH
rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to vendor.php that contains arbitrary PHP code and changing the content-type to image/gif.
CVE-2020-10879 1 Rconfig 1 Rconfig 2024-11-21 7.5 HIGH 9.8 CRITICAL
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
CVE-2020-10549 1 Rconfig 1 Rconfig 2024-11-21 7.5 HIGH 9.8 CRITICAL
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10548 1 Rconfig 1 Rconfig 2024-11-21 7.5 HIGH 9.8 CRITICAL
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10547 1 Rconfig 1 Rconfig 2024-11-21 7.5 HIGH 9.8 CRITICAL
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10546 1 Rconfig 1 Rconfig 2024-11-21 7.5 HIGH 9.8 CRITICAL
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10221 1 Rconfig 1 Rconfig 2024-11-21 9.0 HIGH 8.8 HIGH
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.
CVE-2020-10220 1 Rconfig 1 Rconfig 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
CVE-2019-19585 1 Rconfig 1 Rconfig 2024-11-21 4.6 MEDIUM 7.8 HIGH
An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions.
CVE-2019-19509 1 Rconfig 1 Rconfig 2024-11-21 9.0 HIGH 8.8 HIGH
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.