CVE-2019-16662

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:rconfig:rconfig:3.9.2:*:*:*:*:*:*:*

Information

Published : 2019-10-28 05:15

Updated : 2019-10-29 12:15


NVD link : CVE-2019-16662

Mitre link : CVE-2019-16662


JSON object : View

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Advertisement

dedicated server usa

Products Affected

rconfig

  • rconfig