Vulnerabilities > Rconfig > Rconfig > 3.0.0

DATE CVE VULNERABILITY TITLE RISK
2021-08-20 CVE-2020-27464 Missing Authorization vulnerability in Rconfig
An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file.
network
rconfig CWE-862
6.8
2020-10-19 CVE-2020-13778 OS Command Injection vulnerability in Rconfig
rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.
network
low complexity
rconfig CWE-78
critical
9.0
2020-06-04 CVE-2020-10549 SQL Injection vulnerability in Rconfig
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection.
network
low complexity
rconfig CWE-89
7.5
2020-06-04 CVE-2020-10548 SQL Injection vulnerability in Rconfig
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection.
network
low complexity
rconfig CWE-89
7.5
2020-06-04 CVE-2020-10547 SQL Injection vulnerability in Rconfig
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection.
network
low complexity
rconfig CWE-89
7.5
2020-06-04 CVE-2020-10546 SQL Injection vulnerability in Rconfig
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection.
network
low complexity
rconfig CWE-89
7.5
2020-03-23 CVE-2020-10879 Injection vulnerability in Rconfig
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
network
low complexity
rconfig CWE-74
7.5
2020-03-20 CVE-2020-9425 Insufficiently Protected Credentials vulnerability in Rconfig
An issue was discovered in includes/head.inc.php in rConfig before 3.9.4.
network
low complexity
rconfig CWE-522
5.0
2020-03-08 CVE-2020-10221 OS Command Injection vulnerability in Rconfig
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.
network
low complexity
rconfig CWE-78
8.8
2020-03-07 CVE-2020-10220 SQL Injection vulnerability in Rconfig
An issue was discovered in rConfig through 3.9.4.
network
low complexity
rconfig CWE-89
7.5