Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Rconfig
(Rconfig)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 44 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-03-07 | CVE-2020-10220 | An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter. | Rconfig | N/A | ||
| 2019-11-21 | CVE-2019-19207 | rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. | Rconfig | N/A | ||
| 2019-10-28 | CVE-2019-16663 | An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution. | Rconfig | N/A | ||
| 2019-10-28 | CVE-2019-16662 | An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution. | Rconfig | N/A |