Vulnerabilities > Rconfig > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-11 | CVE-2021-29005 | Incorrect Default Permissions vulnerability in Rconfig 3.9.6 Insecure permission of chmod command on rConfig server 3.9.6 exists. | 9.0 |
2021-08-20 | CVE-2020-25359 | Missing Authorization vulnerability in Rconfig 3.9.5 An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. | 9.1 |
2021-08-09 | CVE-2020-23151 | OS Command Injection vulnerability in Rconfig 3.9.5 rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped. | 9.8 |
2020-10-19 | CVE-2020-13778 | OS Command Injection vulnerability in Rconfig rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php. | 9.0 |
2019-10-28 | CVE-2019-16663 | OS Command Injection vulnerability in Rconfig 3.9.2 An issue was discovered in rConfig 3.9.2. | 9.0 |
2019-10-28 | CVE-2019-16662 | OS Command Injection vulnerability in Rconfig 3.9.2 An issue was discovered in rConfig 3.9.2. | 10.0 |