Vulnerabilities > Rconfig
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-18 | CVE-2020-12255 | Unrestricted Upload of File with Dangerous Type vulnerability in Rconfig 3.9.4 rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. | 8.8 |
| 2020-05-18 | CVE-2020-12258 | Session Fixation vulnerability in Rconfig 3.9.4 rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. | 9.1 |
| 2020-05-18 | CVE-2020-12257 | Cross-Site Request Forgery (CSRF) vulnerability in Rconfig 3.9.4 rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. | 8.8 |
| 2020-05-18 | CVE-2020-12259 | Cross-site Scripting vulnerability in Rconfig 3.9.4 rConfig 3.9.4 is vulnerable to reflected XSS. | 5.4 |
| 2020-03-23 | CVE-2020-10879 | OS Command Injection vulnerability in Rconfig rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped. | 9.8 |
| 2020-03-20 | CVE-2020-9425 | Always-Incorrect Control Flow Implementation vulnerability in Rconfig An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. | 7.5 |
| 2020-03-08 | CVE-2020-10221 | OS Command Injection vulnerability in Rconfig lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter. | 8.8 |
| 2020-03-07 | CVE-2020-10220 | SQL Injection vulnerability in Rconfig An issue was discovered in rConfig through 3.9.4. | 9.8 |
| 2020-01-06 | CVE-2019-19585 | Improper Privilege Management vulnerability in Rconfig 3.9.3 An issue was discovered in rConfig 3.9.3. | 7.8 |
| 2020-01-06 | CVE-2019-19509 | OS Command Injection vulnerability in Rconfig 3.9.3 An issue was discovered in rConfig 3.9.3. | 8.8 |