Vulnerabilities > Rconfig

DATE CVE VULNERABILITY TITLE RISK
2021-10-11 CVE-2021-29005 Incorrect Default Permissions vulnerability in Rconfig 3.9.6
Insecure permission of chmod command on rConfig server 3.9.6 exists.
network
low complexity
rconfig CWE-276
critical
9.0
2021-10-11 CVE-2021-29006 Information Exposure vulnerability in Rconfig 3.9.6
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability.
network
low complexity
rconfig CWE-200
4.0
2021-10-11 CVE-2021-29004 SQL Injection vulnerability in Rconfig 3.9.6
rConfig 3.9.6 is affected by SQL Injection.
network
low complexity
rconfig CWE-89
6.5
2021-08-20 CVE-2020-25351 Files or Directories Accessible to External Parties vulnerability in Rconfig 3.9.5
An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6.
network
low complexity
rconfig CWE-552
4.0
2021-08-20 CVE-2020-25352 Cross-site Scripting vulnerability in Rconfig 3.9.5
A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6.
network
rconfig CWE-79
3.5
2021-08-20 CVE-2020-25353 Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.5
A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6.
network
low complexity
rconfig CWE-918
4.0
2021-08-20 CVE-2020-25359 Missing Authorization vulnerability in Rconfig 3.9.5
An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6.
network
low complexity
rconfig CWE-862
6.4
2021-08-20 CVE-2020-27464 Missing Authorization vulnerability in Rconfig
An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file.
network
rconfig CWE-862
6.8
2021-08-20 CVE-2020-27466 Missing Authorization vulnerability in Rconfig 3.9.6
An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file.
network
rconfig CWE-862
6.8
2021-08-09 CVE-2020-23148 Injection vulnerability in Rconfig 3.9.5
The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request.
network
low complexity
rconfig CWE-74
5.0