Vulnerabilities > Rconfig > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-01 | CVE-2023-39108 | Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.4 rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. | 8.8 |
2023-08-01 | CVE-2023-39109 | Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.4 rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. | 8.8 |
2023-08-01 | CVE-2023-39110 | Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.4 rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. | 8.8 |
2023-04-15 | CVE-2022-45030 | SQL Injection vulnerability in Rconfig 3.9.7 A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv). | 8.8 |
2022-11-17 | CVE-2022-44384 | Unrestricted Upload of File with Dangerous Type vulnerability in Rconfig 3.9.6 An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file. | 8.8 |
2021-10-11 | CVE-2021-29005 | Incorrect Default Permissions vulnerability in Rconfig 3.9.6 Insecure permission of chmod command on rConfig server 3.9.6 exists. | 8.8 |
2021-10-11 | CVE-2021-29004 | SQL Injection vulnerability in Rconfig 3.9.6 rConfig 3.9.6 is affected by SQL Injection. | 8.8 |
2021-08-20 | CVE-2020-27464 | Missing Authorization vulnerability in Rconfig An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file. | 7.8 |
2021-08-20 | CVE-2020-27466 | Missing Authorization vulnerability in Rconfig 3.9.6 An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file. | 7.8 |
2021-08-09 | CVE-2020-23148 | Injection vulnerability in Rconfig 3.9.5 The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request. | 7.5 |