Vulnerabilities > Rconfig
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-13 | CVE-2020-13638 | Improper Authentication vulnerability in Rconfig lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. | 7.5 |
| 2020-10-19 | CVE-2020-13778 | OS Command Injection vulnerability in Rconfig rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php. | 9.0 |
| 2020-07-28 | CVE-2020-15715 | Unspecified vulnerability in Rconfig 3.9.5 rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. | 6.5 |
| 2020-07-28 | CVE-2020-15714 | SQL Injection vulnerability in Rconfig 3.9.5 rConfig 3.9.5 is vulnerable to SQL injection. | 6.5 |
| 2020-07-28 | CVE-2020-15713 | SQL Injection vulnerability in Rconfig 3.9.5 rConfig 3.9.5 is vulnerable to SQL injection. | 6.5 |
| 2020-07-28 | CVE-2020-15712 | Path Traversal vulnerability in Rconfig 3.9.5 rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. | 4.0 |
| 2020-06-04 | CVE-2020-10549 | SQL Injection vulnerability in Rconfig rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. | 7.5 |
| 2020-06-04 | CVE-2020-10548 | SQL Injection vulnerability in Rconfig rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. | 7.5 |
| 2020-06-04 | CVE-2020-10547 | SQL Injection vulnerability in Rconfig rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. | 7.5 |
| 2020-06-04 | CVE-2020-10546 | SQL Injection vulnerability in Rconfig rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. | 7.5 |