Filtered by vendor Rconfig
Subscribe
Total
39 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19585 | 1 Rconfig | 1 Rconfig | 2023-01-31 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions. | |||||
| CVE-2019-19509 | 1 Rconfig | 1 Rconfig | 2023-01-31 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution. | |||||
| CVE-2022-44384 | 1 Rconfig | 1 Rconfig | 2022-11-18 | N/A | 8.8 HIGH |
| An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2020-23148 | 1 Rconfig | 1 Rconfig | 2022-10-26 | 5.0 MEDIUM | 7.5 HIGH |
| The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request. | |||||
| CVE-2020-23151 | 1 Rconfig | 1 Rconfig | 2022-10-26 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped. | |||||
| CVE-2020-10221 | 1 Rconfig | 1 Rconfig | 2022-10-07 | 9.0 HIGH | 8.8 HIGH |
| lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter. | |||||
| CVE-2020-25359 | 1 Rconfig | 1 Rconfig | 2022-10-05 | 6.4 MEDIUM | 9.1 CRITICAL |
| An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext parameter and delete all the files with that extension in that path. | |||||
| CVE-2020-13778 | 1 Rconfig | 1 Rconfig | 2022-06-14 | 9.0 HIGH | 8.8 HIGH |
| rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php. | |||||
| CVE-2020-10549 | 1 Rconfig | 1 Rconfig | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | |||||
| CVE-2020-10548 | 1 Rconfig | 1 Rconfig | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | |||||
| CVE-2020-10547 | 1 Rconfig | 1 Rconfig | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | |||||
| CVE-2020-10546 | 1 Rconfig | 1 Rconfig | 2021-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. | |||||
| CVE-2021-29005 | 1 Rconfig | 1 Rconfig | 2021-10-18 | 9.0 HIGH | 8.8 HIGH |
| Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server. | |||||
| CVE-2021-29004 | 1 Rconfig | 1 Rconfig | 2021-10-15 | 6.5 MEDIUM | 8.8 HIGH |
| rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely. | |||||
| CVE-2021-29006 | 1 Rconfig | 1 Rconfig | 2021-10-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server. | |||||
| CVE-2020-25353 | 1 Rconfig | 1 Rconfig | 2021-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the deviceIpAddr and connPort parameters. | |||||
| CVE-2020-27466 | 1 Rconfig | 1 Rconfig | 2021-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2020-25351 | 1 Rconfig | 1 Rconfig | 2021-08-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated attackers to read files on the system via a crafted request sent to to the /lib/crud/configcompare.crud.php script. | |||||
| CVE-2020-27464 | 1 Rconfig | 1 Rconfig | 2021-08-23 | 6.8 MEDIUM | 7.8 HIGH |
| An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file. | |||||
| CVE-2020-25352 | 1 Rconfig | 1 Rconfig | 2021-08-23 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary Javascript execution through entering a crafted payload into the 'Model' field then saving. | |||||