Vulnerabilities > Rconfig > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-01 CVE-2023-39108 Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.4
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php.
network
low complexity
rconfig CWE-918
8.8
2023-08-01 CVE-2023-39109 Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.4
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php.
network
low complexity
rconfig CWE-918
8.8
2023-08-01 CVE-2023-39110 Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.4
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php.
network
low complexity
rconfig CWE-918
8.8
2023-04-15 CVE-2022-45030 SQL Injection vulnerability in Rconfig 3.9.7
A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv).
network
low complexity
rconfig CWE-89
8.8
2022-11-17 CVE-2022-44384 Unrestricted Upload of File with Dangerous Type vulnerability in Rconfig 3.9.6
An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
rconfig CWE-434
8.8
2021-08-09 CVE-2020-23148 Injection vulnerability in Rconfig 3.9.5
The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request.
network
low complexity
rconfig CWE-74
7.5
2020-11-13 CVE-2020-13638 Improper Authentication vulnerability in Rconfig
lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation.
network
low complexity
rconfig CWE-287
7.5
2020-06-04 CVE-2020-10549 SQL Injection vulnerability in Rconfig
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection.
network
low complexity
rconfig CWE-89
7.5
2020-06-04 CVE-2020-10548 SQL Injection vulnerability in Rconfig
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection.
network
low complexity
rconfig CWE-89
7.5
2020-06-04 CVE-2020-10547 SQL Injection vulnerability in Rconfig
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection.
network
low complexity
rconfig CWE-89
7.5