rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-03-23T21:44:49
Updated: 2024-08-04T11:14:16.073Z
Reserved: 2020-03-23T00:00:00
Link: CVE-2020-10879
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-03-23T22:15:12.737
Modified: 2024-11-21T04:56:16.623
Link: CVE-2020-10879
Redhat
No data.