CVE Tools

rconfig

Networking Infrastructureunknown

23

Cumulative CVEs

5

Monthly snapshots

#68

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting rconfig.

CVE-2023-39110rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary r...8.8Aug 1, 2023
CVE-2023-39109rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated a...8.8Aug 1, 2023
CVE-2023-39108rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated a...8.8Aug 1, 2023
CVE-2022-45030A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv).8.8Apr 15, 2023
CVE-2023-24366An arbitrary file download vulnerability in rConfig v6.8.0 allows attackers to download sensitive files via a crafted HTTP request.6.5Mar 27, 2023
CVE-2022-44384An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file.8.8Nov 17, 2022
CVE-2021-29005Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to ...8.8Oct 11, 2021
CVE-2021-29006rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.6.5Oct 11, 2021
CVE-2021-29004rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, ...8.8Oct 11, 2021
CVE-2020-27466An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file.7.8Aug 20, 2021
CVE-2020-27464An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file.7.8Aug 20, 2021
CVE-2020-25359An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLogging...9.1Aug 20, 2021
CVE-2020-25353A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the d...6.5Aug 20, 2021
CVE-2020-25352A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary Jav...5.4Aug 20, 2021
CVE-2020-25351An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated attackers to read files on the system via a crafted reques...6.5Aug 20, 2021