Total
44 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19509 | 1 Rconfig | 1 Rconfig | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution. | |||||
CVE-2019-19207 | 1 Rconfig | 1 Rconfig | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. | |||||
CVE-2019-19585 | 1 Rconfig | 1 Rconfig | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions. | |||||
CVE-2019-16663 | 1 Rconfig | 1 Rconfig | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution. |