Vulnerabilities > Rconfig > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-11 | CVE-2021-29006 | Information Exposure vulnerability in Rconfig 3.9.6 rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. | 4.0 |
2021-10-11 | CVE-2021-29004 | SQL Injection vulnerability in Rconfig 3.9.6 rConfig 3.9.6 is affected by SQL Injection. | 6.5 |
2021-08-20 | CVE-2020-25351 | Files or Directories Accessible to External Parties vulnerability in Rconfig 3.9.5 An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. | 4.0 |
2021-08-20 | CVE-2020-25353 | Server-Side Request Forgery (SSRF) vulnerability in Rconfig 3.9.5 A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. | 4.0 |
2021-08-20 | CVE-2020-27464 | Missing Authorization vulnerability in Rconfig An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file. | 6.8 |
2021-08-20 | CVE-2020-27466 | Missing Authorization vulnerability in Rconfig 3.9.6 An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file. | 6.8 |
2021-08-09 | CVE-2020-23149 | SQL Injection vulnerability in Rconfig 3.9.5 The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information. | 5.0 |
2021-08-09 | CVE-2020-23150 | SQL Injection vulnerability in Rconfig 3.9.5 A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php. | 5.0 |
2020-07-28 | CVE-2020-15715 | Unspecified vulnerability in Rconfig 3.9.5 rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. | 6.5 |
2020-07-28 | CVE-2020-15714 | SQL Injection vulnerability in Rconfig 3.9.5 rConfig 3.9.5 is vulnerable to SQL injection. | 6.5 |