| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2021-10-11 | CVE-2021-29006 | Information Exposure vulnerability in Rconfig 3.9.6 | rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. | network, low complexity, rconfig CWE-200, 4.0 |
| 2021-10-11 | CVE-2021-29004 | SQL Injection vulnerability in Rconfig 3.9.6 | rConfig 3.9.6 is affected by SQL Injection. | network, low complexity, rconfig CWE-89, 6.5 |
| 2021-08-20 | CVE-2020-25351 | Files or Directories Accessible to External Parties vulnerability in Rconfig 3.9.5 | An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. | network, low complexity, rconfig CWE-552, 4.0 |
| 2021-08-20 | CVE-2020-25353 | Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.5 | A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. | network, low complexity, rconfig CWE-918, 4.0 |
| 2021-08-20 | CVE-2020-27464 | Missing Authorization vulnerability in Rconfig | An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file. | network, rconfig CWE-862, 6.8 |
| 2021-08-20 | CVE-2020-27466 | Missing Authorization vulnerability in Rconfig 3.9.6 | An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file. | network, rconfig CWE-862, 6.8 |
| 2021-08-09 | CVE-2020-23149 | SQL Injection vulnerability in Rconfig 3.9.5 | The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information. | network, low complexity, rconfig CWE-89, 5.0 |
| 2021-08-09 | CVE-2020-23150 | SQL Injection vulnerability in Rconfig 3.9.5 | A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php. | network, low complexity, rconfig CWE-89, 5.0 |
| 2020-07-28 | CVE-2020-15715 | Unspecified vulnerability in Rconfig 3.9.5 | rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. | network, low complexity, rconfig, 6.5 |
| 2020-07-28 | CVE-2020-15714 | SQL Injection vulnerability in Rconfig 3.9.5 | rConfig 3.9.5 is vulnerable to SQL injection. | network, low complexity, rconfig CWE-89, 6.5 |