Vulnerabilities > Rconfig > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-27 CVE-2023-24366 Unspecified vulnerability in Rconfig 6.8.0
An arbitrary file download vulnerability in rConfig v6.8.0 allows attackers to download sensitive files via a crafted HTTP request.
network
low complexity
rconfig
6.5
2021-10-11 CVE-2021-29006 Path Traversal vulnerability in Rconfig 3.9.6
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability.
network
low complexity
rconfig CWE-22
6.5
2021-08-20 CVE-2020-25351 Files or Directories Accessible to External Parties vulnerability in Rconfig 3.9.5
An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6.
network
low complexity
rconfig CWE-552
6.5
2021-08-20 CVE-2020-25352 Cross-site Scripting vulnerability in Rconfig 3.9.5
A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6.
network
low complexity
rconfig CWE-79
5.4
2021-08-20 CVE-2020-25353 Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.5
A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6.
network
low complexity
rconfig CWE-918
6.5
2020-07-28 CVE-2020-15712 Path Traversal vulnerability in Rconfig 3.9.5
rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system.
network
low complexity
rconfig CWE-22
4.3
2020-05-18 CVE-2020-12256 Cross-site Scripting vulnerability in Rconfig 3.9.4
rConfig 3.9.4 is vulnerable to reflected XSS.
network
low complexity
rconfig CWE-79
5.4
2020-05-18 CVE-2020-12259 Cross-site Scripting vulnerability in Rconfig 3.9.4
rConfig 3.9.4 is vulnerable to reflected XSS.
network
low complexity
rconfig CWE-79
5.4