Filtered by vendor Rconfig
Subscribe
Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29004 | 1 Rconfig | 1 Rconfig | 2021-10-16 | 6.5 MEDIUM | 8.8 HIGH |
| rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely. | |||||
| CVE-2020-25353 | 1 Rconfig | 1 Rconfig | 2021-08-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability allowed remote authenticated attackers to open a connection to the machine via the deviceIpAddr and connPort parameters. | |||||
| CVE-2020-27466 | 1 Rconfig | 1 Rconfig | 2021-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2020-25351 | 1 Rconfig | 1 Rconfig | 2021-08-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated attackers to read files on the system via a crafted request sent to to the /lib/crud/configcompare.crud.php script. | |||||
| CVE-2020-27464 | 1 Rconfig | 1 Rconfig | 2021-08-23 | 6.8 MEDIUM | 7.8 HIGH |
| An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file. | |||||
| CVE-2020-25352 | 1 Rconfig | 1 Rconfig | 2021-08-23 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in the /devices.php function inrConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote attackers to perform arbitrary Javascript execution through entering a crafted payload into the 'Model' field then saving. | |||||
| CVE-2020-23149 | 1 Rconfig | 1 Rconfig | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information. | |||||
| CVE-2020-23150 | 1 Rconfig | 1 Rconfig | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php. | |||||
| CVE-2020-10879 | 1 Rconfig | 1 Rconfig | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped. | |||||
| CVE-2020-9425 | 1 Rconfig | 1 Rconfig | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application was not exiting after a redirect is applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response. | |||||
| CVE-2020-13638 | 1 Rconfig | 1 Rconfig | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7. | |||||
| CVE-2020-15712 | 1 Rconfig | 1 Rconfig | 2020-07-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences (%2f..%2f) in the path parameter to view arbitrary files on the system. | |||||
| CVE-2020-15713 | 1 Rconfig | 1 Rconfig | 2020-07-28 | 6.5 MEDIUM | 8.8 HIGH |
| rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database. | |||||
| CVE-2020-15714 | 1 Rconfig | 1 Rconfig | 2020-07-28 | 6.5 MEDIUM | 8.8 HIGH |
| rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database. | |||||
| CVE-2020-15715 | 1 Rconfig | 1 Rconfig | 2020-07-28 | 6.5 MEDIUM | 9.9 CRITICAL |
| rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter. | |||||
| CVE-2020-12255 | 1 Rconfig | 1 Rconfig | 2020-05-19 | 6.5 MEDIUM | 8.8 HIGH |
| rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to vendor.php that contains arbitrary PHP code and changing the content-type to image/gif. | |||||
| CVE-2020-12258 | 1 Rconfig | 1 Rconfig | 2020-05-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259. | |||||
| CVE-2020-12257 | 1 Rconfig | 1 Rconfig | 2020-05-18 | 6.8 MEDIUM | 8.8 HIGH |
| rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form (add a user, delete a user, or edit a user). | |||||
| CVE-2020-12256 | 1 Rconfig | 1 Rconfig | 2020-05-18 | 3.5 LOW | 5.4 MEDIUM |
| rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php. | |||||
| CVE-2020-12259 | 1 Rconfig | 1 Rconfig | 2020-05-18 | 3.5 LOW | 5.4 MEDIUM |
| rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php. | |||||