Vulnerabilities > Rconfig > Rconfig

DATE CVE VULNERABILITY TITLE RISK
2023-08-01 CVE-2023-39108 Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.4
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php.
network
low complexity
rconfig CWE-918
8.8
8.8
2023-08-01 CVE-2023-39109 Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.4
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php.
network
low complexity
rconfig CWE-918
8.8
8.8
2023-08-01 CVE-2023-39110 Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.4
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php.
network
low complexity
rconfig CWE-918
8.8
8.8
2023-04-15 CVE-2022-45030 SQL Injection vulnerability in Rconfig 3.9.7
A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv).
network
low complexity
rconfig CWE-89
8.8
8.8
2022-11-17 CVE-2022-44384 Unrestricted Upload of File with Dangerous Type vulnerability in Rconfig 3.9.6
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
rconfig CWE-434
8.8
8.8
2021-10-11 CVE-2021-29005 Incorrect Default Permissions vulnerability in Rconfig 3.9.6
Insecure permission of chmod command on rConfig server 3.9.6 exists.
network
low complexity
rconfig CWE-276
critical
 9.0
9.0
2021-10-11 CVE-2021-29006 Information Exposure vulnerability in Rconfig 3.9.6
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability.
network
low complexity
rconfig CWE-200
4.0
4.0
2021-10-11 CVE-2021-29004 SQL Injection vulnerability in Rconfig 3.9.6
rConfig 3.9.6 is affected by SQL Injection.
network
low complexity
rconfig CWE-89
6.5
6.5
2021-08-20 CVE-2020-25351 Files or Directories Accessible to External Parties vulnerability in Rconfig 3.9.5
An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6.
network
low complexity
rconfig CWE-552
4.0
4.0
2021-08-20 CVE-2020-25352 Cross-site Scripting vulnerability in Rconfig 3.9.5
A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6.
network
rconfig CWE-79
3.5
3.5