Vulnerabilities > CVE-2023-39108 - Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.4
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |