Vulnerabilities > Rconfig > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-10-11 CVE-2021-29005 Incorrect Default Permissions vulnerability in Rconfig 3.9.6
Insecure permission of chmod command on rConfig server 3.9.6 exists.
network
low complexity
rconfig CWE-276
critical
 9.0
9.0
2021-08-20 CVE-2020-25359 Missing Authorization vulnerability in Rconfig 3.9.5
An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6.
network
low complexity
rconfig CWE-862
critical
 9.1
9.1
2021-08-09 CVE-2020-23151 OS Command Injection vulnerability in Rconfig 3.9.5
rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped.
network
low complexity
rconfig CWE-78
critical
 9.8
9.8
2020-10-19 CVE-2020-13778 OS Command Injection vulnerability in Rconfig
rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.
network
low complexity
rconfig CWE-78
critical
 9.0
9.0
2019-10-28 CVE-2019-16663 OS Command Injection vulnerability in Rconfig 3.9.2
An issue was discovered in rConfig 3.9.2.
network
low complexity
rconfig CWE-78
critical
 9.0
9.0
2019-10-28 CVE-2019-16662 OS Command Injection vulnerability in Rconfig 3.9.2
An issue was discovered in rConfig 3.9.2.
network
low complexity
rconfig CWE-78
critical
 10.0
10