Vulnerabilities > Rconfig > Rconfig > 3.9.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-01 | CVE-2023-39108 | Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.4: rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff function of /classes/compareClass.php. | 8.8 |
2023-08-01 | CVE-2023-39109 | Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.4: rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff function of /classes/compareClass.php. | 8.8 |
2023-08-01 | CVE-2023-39110 | Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.4: rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. | 8.8 |
2021-08-20 | CVE-2020-27464 | Missing Authorization vulnerability in Rconfig: An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file. | 6.8 |
2020-11-13 | CVE-2020-13638 | Improper Authentication vulnerability in Rconfig: lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. | 7.5 |
2020-10-19 | CVE-2020-13778 | OS Command Injection vulnerability in Rconfig: rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php. | 9.0 |
2020-06-04 | CVE-2020-10549 | SQL Injection vulnerability in Rconfig: rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. | 7.5 |
2020-06-04 | CVE-2020-10548 | SQL Injection vulnerability in Rconfig: rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. | 7.5 |
2020-06-04 | CVE-2020-10547 | SQL Injection vulnerability in Rconfig: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. | 7.5 |
2020-06-04 | CVE-2020-10546 | SQL Injection vulnerability in Rconfig: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. | 7.5 |