Vulnerabilities > Rconfig

DATE CVE VULNERABILITY TITLE RISK
2020-05-18 CVE-2020-12256 Cross-Site Scripting vulnerability in Rconfig 3.9.4
rConfig 3.9.4 is vulnerable to reflected XSS.
network
rconfig CWE-79
3.5
2020-05-18 CVE-2020-12255 Unrestricted Upload of File With Dangerous Type vulnerability in Rconfig 3.9.4
rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality.
network
low complexity
rconfig CWE-434
6.5
2020-05-18 CVE-2020-12258 Session Fixation vulnerability in Rconfig 3.9.4
rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled.
network
low complexity
rconfig CWE-384
6.4
2020-05-18 CVE-2020-12257 Cross-Site Request Forgery (CSRF) vulnerability in Rconfig 3.9.4
rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token.
network
rconfig CWE-352
6.8
2020-05-18 CVE-2020-12259 Cross-Site Scripting vulnerability in Rconfig 3.9.4
rConfig 3.9.4 is vulnerable to reflected XSS.
network
rconfig CWE-79
3.5
2020-03-23 CVE-2020-10879 Injection vulnerability in Rconfig
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
network
low complexity
rconfig CWE-74
7.5
2020-03-20 CVE-2020-9425 Insufficiently Protected Credentials vulnerability in Rconfig
An issue was discovered in includes/head.inc.php in rConfig before 3.9.4.
network
low complexity
rconfig CWE-522
5.0
2020-03-08 CVE-2020-10221 OS Command Injection vulnerability in Rconfig
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.
network
low complexity
rconfig CWE-78
critical
9.0
2020-03-07 CVE-2020-10220 SQL Injection vulnerability in Rconfig
An issue was discovered in rConfig through 3.9.4.
network
low complexity
rconfig CWE-89
7.5
2020-01-06 CVE-2019-19585 Improper Privilege Management vulnerability in Rconfig 3.9.3
An issue was discovered in rConfig 3.9.3.
local
low complexity
rconfig CWE-269
4.6