Vulnerabilities > Rconfig

DATE CVE VULNERABILITY TITLE RISK
2020-11-13 CVE-2020-13638 Improper Authentication vulnerability in Rconfig
lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation.
network
low complexity
rconfig CWE-287
7.5
2020-10-19 CVE-2020-13778 OS Command Injection vulnerability in Rconfig
rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.
network
low complexity
rconfig CWE-78
critical
9.0
2020-07-28 CVE-2020-15715 Unspecified vulnerability in Rconfig 3.9.5
rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script.
network
low complexity
rconfig
6.5
2020-07-28 CVE-2020-15714 SQL Injection vulnerability in Rconfig 3.9.5
rConfig 3.9.5 is vulnerable to SQL injection.
network
low complexity
rconfig CWE-89
6.5
2020-07-28 CVE-2020-15713 SQL Injection vulnerability in Rconfig 3.9.5
rConfig 3.9.5 is vulnerable to SQL injection.
network
low complexity
rconfig CWE-89
6.5
2020-07-28 CVE-2020-15712 Path Traversal vulnerability in Rconfig 3.9.5
rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system.
network
low complexity
rconfig CWE-22
4.0
2020-06-04 CVE-2020-10549 SQL Injection vulnerability in Rconfig
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection.
network
low complexity
rconfig CWE-89
7.5
2020-06-04 CVE-2020-10548 SQL Injection vulnerability in Rconfig
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection.
network
low complexity
rconfig CWE-89
7.5
2020-06-04 CVE-2020-10547 SQL Injection vulnerability in Rconfig
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection.
network
low complexity
rconfig CWE-89
7.5
2020-06-04 CVE-2020-10546 SQL Injection vulnerability in Rconfig
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection.
network
low complexity
rconfig CWE-89
7.5