Vulnerabilities > Rconfig

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-18 | CVE-2020-12258 | Session Fixation vulnerability in Rconfig 3.9.4. rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. (network; low complexity; rconfig; CWE-384) | 6.4 |
| 2020-05-18 | CVE-2020-12257 | Cross-Site Request Forgery (CSRF) vulnerability in Rconfig 3.9.4. rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. (network; rconfig; CWE-352) | 6.8 |
| 2020-05-18 | CVE-2020-12259 | Cross-site Scripting vulnerability in Rconfig 3.9.4. rConfig 3.9.4 is vulnerable to reflected XSS. (network; rconfig; CWE-79) | 3.5 |
| 2020-03-23 | CVE-2020-10879 | Injection vulnerability in Rconfig. rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped. (network; low complexity; rconfig; CWE-74) | 7.5 |
| 2020-03-20 | CVE-2020-9425 | Insufficiently Protected Credentials vulnerability in Rconfig. An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. (network; low complexity; rconfig; CWE-522) | 5.0 |
| 2020-03-08 | CVE-2020-10221 | OS Command Injection vulnerability in Rconfig. lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter. (network; low complexity; rconfig; CWE-78) | 8.8 |
| 2020-03-07 | CVE-2020-10220 | SQL Injection vulnerability in Rconfig. An issue was discovered in rConfig through 3.9.4. (network; low complexity; rconfig; CWE-89) | 7.5 |
| 2020-01-06 | CVE-2019-19585 | Improper Privilege Management vulnerability in Rconfig 3.9.3. An issue was discovered in rConfig 3.9.3. (local; low complexity; rconfig; CWE-269) | 7.8 |
| 2020-01-06 | CVE-2019-19509 | OS Command Injection vulnerability in Rconfig 3.9.3. An issue was discovered in rConfig 3.9.3. (network; low complexity; rconfig; CWE-78) | 8.8 |
| 2019-11-28 | CVE-2019-19372 | Path Traversal vulnerability in Rconfig. A downloadFile.php download_file path traversal vulnerability in rConfig through 3.9.3 allows attackers to list files in arbitrary folders and potentially download files. (network; low complexity; rconfig; CWE-22) | 7.5 |