Filtered by vendor Rconfig
Subscriptions
Total
44 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-13778 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 8.8 High |
rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php. | ||||
CVE-2020-13638 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 9.8 Critical |
lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7. | ||||
CVE-2020-12258 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 9.1 Critical |
rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259. | ||||
CVE-2020-12259 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 5.4 Medium |
rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php. | ||||
CVE-2020-12256 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 5.4 Medium |
rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php. | ||||
CVE-2020-12257 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 8.8 High |
rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form (add a user, delete a user, or edit a user). | ||||
CVE-2020-12255 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 8.8 High |
rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to vendor.php that contains arbitrary PHP code and changing the content-type to image/gif. | ||||
CVE-2020-10879 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 9.8 Critical |
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped. | ||||
CVE-2020-10549 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 9.8 Critical |
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | ||||
CVE-2020-10546 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 9.8 Critical |
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | ||||
CVE-2020-10548 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 9.8 Critical |
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | ||||
CVE-2020-10547 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 9.8 Critical |
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | ||||
CVE-2020-10220 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 9.8 Critical |
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. | ||||
CVE-2020-10221 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 8.8 High |
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter. | ||||
CVE-2020-9425 | 1 Rconfig | 1 Rconfig | 2024-08-04 | 7.5 High |
An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application was not exiting after a redirect is applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response. | ||||
CVE-2021-29004 | 1 Rconfig | 1 Rconfig | 2024-08-03 | 8.8 High |
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely. | ||||
CVE-2021-29006 | 1 Rconfig | 1 Rconfig | 2024-08-03 | 6.5 Medium |
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server. | ||||
CVE-2021-29005 | 1 Rconfig | 1 Rconfig | 2024-08-03 | 8.8 High |
Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server. | ||||
CVE-2022-45030 | 1 Rconfig | 1 Rconfig | 2024-08-03 | 8.8 High |
A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv). | ||||
CVE-2022-44384 | 1 Rconfig | 1 Rconfig | 2024-08-03 | 8.8 High |
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file. |