Vulnerabilities > Rconfig > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-08-20 CVE-2020-25359 Missing Authorization vulnerability in Rconfig 3.9.5
An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6.
network
low complexity
rconfig CWE-862
critical
 9.1
9.1
2021-08-09 CVE-2020-23151 OS Command Injection vulnerability in Rconfig 3.9.5
rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped.
network
low complexity
rconfig CWE-78
critical
 9.8
9.8
2020-11-13 CVE-2020-13638 Improper Privilege Management vulnerability in Rconfig
lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation.
network
low complexity
rconfig CWE-269
critical
 9.8
9.8
2020-07-28 CVE-2020-15715 Unspecified vulnerability in Rconfig 3.9.5
rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script.
network
low complexity
rconfig
critical
 9.9
9.9
2020-06-04 CVE-2020-10549 SQL Injection vulnerability in Rconfig
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection.
network
low complexity
rconfig CWE-89
critical
 9.8
9.8
2020-06-04 CVE-2020-10548 SQL Injection vulnerability in Rconfig
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection.
network
low complexity
rconfig CWE-89
critical
 9.8
9.8
2020-06-04 CVE-2020-10547 SQL Injection vulnerability in Rconfig
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection.
network
low complexity
rconfig CWE-89
critical
 9.8
9.8
2020-06-04 CVE-2020-10546 SQL Injection vulnerability in Rconfig
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection.
network
low complexity
rconfig CWE-89
critical
 9.8
9.8
2020-05-18 CVE-2020-12258 Session Fixation vulnerability in Rconfig 3.9.4
rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled.
network
low complexity
rconfig CWE-384
critical
 9.1
9.1
2020-03-23 CVE-2020-10879 OS Command Injection vulnerability in Rconfig
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
network
low complexity
rconfig CWE-78
critical
 9.8
9.8