Vulnerabilities > Rconfig
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-11 | CVE-2021-29005 | Incorrect Default Permissions vulnerability in Rconfig 3.9.6 Insecure permission of chmod command on rConfig server 3.9.6 exists. | 9.0 |
2021-10-11 | CVE-2021-29006 | Information Exposure vulnerability in Rconfig 3.9.6 rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. | 4.0 |
2021-10-11 | CVE-2021-29004 | SQL Injection vulnerability in Rconfig 3.9.6 rConfig 3.9.6 is affected by SQL Injection. | 6.5 |
2021-08-20 | CVE-2020-25351 | Files or Directories Accessible to External Parties vulnerability in Rconfig 3.9.5 An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. | 4.0 |
2021-08-20 | CVE-2020-25352 | Cross-site Scripting vulnerability in Rconfig 3.9.5 A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. | 3.5 |
2021-08-20 | CVE-2020-25353 | Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.5 A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. | 4.0 |
2021-08-20 | CVE-2020-25359 | Missing Authorization vulnerability in Rconfig 3.9.5 An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. | 6.4 |
2021-08-20 | CVE-2020-27464 | Missing Authorization vulnerability in Rconfig An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file. | 6.8 |
2021-08-20 | CVE-2020-27466 | Missing Authorization vulnerability in Rconfig 3.9.6 An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file. | 6.8 |
2021-08-09 | CVE-2020-23148 | Injection vulnerability in Rconfig 3.9.5 The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request. | 5.0 |