Vulnerabilities > Rconfig > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR / COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|
| 2021-08-09 | CVE-2020-23149 | SQL Injection vulnerability in Rconfig 3.9.5 | The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information. | network, low complexity | rconfig CWE-89 | 7.5 |
| 2021-08-09 | CVE-2020-23150 | SQL Injection vulnerability in Rconfig 3.9.5 | A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php. | network, low complexity | rconfig CWE-89 | 7.5 |
| 2020-10-19 | CVE-2020-13778 | OS Command Injection vulnerability in Rconfig | rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php. | network, low complexity | rconfig CWE-78 | 8.8 |
| 2020-07-28 | CVE-2020-15714 | SQL Injection vulnerability in Rconfig 3.9.5 | rConfig 3.9.5 is vulnerable to SQL injection. | network, low complexity | rconfig CWE-89 | 8.8 |
| 2020-07-28 | CVE-2020-15713 | SQL Injection vulnerability in Rconfig 3.9.5 | rConfig 3.9.5 is vulnerable to SQL injection. | network, low complexity | rconfig CWE-89 | 8.8 |
| 2020-05-18 | CVE-2020-12255 | Unrestricted Upload of File with Dangerous Type vulnerability in Rconfig 3.9.4 | rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. | network, low complexity | rconfig CWE-434 | 8.8 |
| 2020-05-18 | CVE-2020-12257 | Cross-Site Request Forgery (CSRF) vulnerability in Rconfig 3.9.4 | rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. | network, low complexity | rconfig CWE-352 | 8.8 |
| 2020-03-20 | CVE-2020-9425 | Always-Incorrect Control Flow Implementation vulnerability in Rconfig | An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. | network, low complexity | rconfig CWE-670 | 7.5 |
| 2020-03-08 | CVE-2020-10221 | OS Command Injection vulnerability in Rconfig | lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter. | network, low complexity | rconfig CWE-78 | 8.8 |
| 2020-01-06 | CVE-2019-19585 | Improper Privilege Management vulnerability in Rconfig 3.9.3 | An issue was discovered in rConfig 3.9.3. | local, low complexity | rconfig CWE-269 | 7.8 |