An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/156146/rConfig-3.9.3-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/156766/Rconfig-3.x-Chained-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/156950/rConfig-3.9.4-searchField-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://github.com/v1k1ngfr | Exploit Third Party Advisory |
https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_CVE-2019-19509.py | Exploit Third Party Advisory |
https://raw.githubusercontent.com/v1k1ngfr/exploits/master/rconfig_exploit.py?token= | Broken Link |
Configurations
History
31 Jan 2023, 20:39
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/156146/rConfig-3.9.3-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/156766/Rconfig-3.x-Chained-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/156950/rConfig-3.9.4-searchField-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2020-01-06 20:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-19509
Mitre link : CVE-2019-19509
CVE.ORG link : CVE-2019-19509
JSON object : View
Products Affected
rconfig
- rconfig
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')