Vulnerabilities > Rconfig
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-19 | CVE-2020-13778 | OS Command Injection vulnerability in Rconfig rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php. | 8.8 |
| 2020-07-28 | CVE-2020-15715 | Unspecified vulnerability in Rconfig 3.9.5 rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. | 9.9 |
| 2020-07-28 | CVE-2020-15714 | SQL Injection vulnerability in Rconfig 3.9.5 rConfig 3.9.5 is vulnerable to SQL injection. | 8.8 |
| 2020-07-28 | CVE-2020-15713 | SQL Injection vulnerability in Rconfig 3.9.5 rConfig 3.9.5 is vulnerable to SQL injection. | 8.8 |
| 2020-07-28 | CVE-2020-15712 | Path Traversal vulnerability in Rconfig 3.9.5 rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. | 4.3 |
| 2020-06-04 | CVE-2020-10549 | SQL Injection vulnerability in Rconfig rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. | 9.8 |
| 2020-06-04 | CVE-2020-10548 | SQL Injection vulnerability in Rconfig rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. | 9.8 |
| 2020-06-04 | CVE-2020-10547 | SQL Injection vulnerability in Rconfig rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. | 9.8 |
| 2020-06-04 | CVE-2020-10546 | SQL Injection vulnerability in Rconfig rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. | 9.8 |
| 2020-05-18 | CVE-2020-12256 | Cross-site Scripting vulnerability in Rconfig 3.9.4 rConfig 3.9.4 is vulnerable to reflected XSS. | 5.4 |