Vulnerabilities > Rconfig > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2020-07-28 | CVE-2020-15713 | SQL Injection vulnerability in Rconfig 3.9.5 | 6.5
    rConfig 3.9.5 is vulnerable to SQL injection.
    network, low complexity, rconfig, CWE-89

2020-07-28 | CVE-2020-15712 | Path Traversal vulnerability in Rconfig 3.9.5 | 4.0
    rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system.
    network, low complexity, rconfig, CWE-22

2020-05-18 | CVE-2020-12255 | Unrestricted Upload of File with Dangerous Type vulnerability in Rconfig 3.9.4 | 6.5
    rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality.
    network, low complexity, rconfig, CWE-434

2020-05-18 | CVE-2020-12258 | Session Fixation vulnerability in Rconfig 3.9.4 | 6.4
    rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled.
    network, low complexity, rconfig, CWE-384

2020-05-18 | CVE-2020-12257 | Cross-Site Request Forgery (CSRF) vulnerability in Rconfig 3.9.4 | 6.8
    rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token.
    network, rconfig, CWE-352

2020-03-20 | CVE-2020-9425 | Insufficiently Protected Credentials vulnerability in Rconfig | 5.0
    An issue was discovered in includes/head.inc.php in rConfig before 3.9.4.
    network, low complexity, rconfig, CWE-522

2019-11-21 | CVE-2019-19207 | SQL Injection vulnerability in Rconfig 3.9.2 | 6.5
    rConfig 3.9.2 allows devices.php?searchColumn= SQL injection.
    network, low complexity, rconfig, CWE-89