Total
44 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16663 | 1 Rconfig | 1 Rconfig | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution. | |||||
CVE-2020-10221 | 1 Rconfig | 1 Rconfig | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter. | |||||
CVE-2019-19509 | 1 Rconfig | 1 Rconfig | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution. | |||||
CVE-2019-19207 | 1 Rconfig | 1 Rconfig | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. |