📦 Rconfig
by Rconfig
🔍 What is Rconfig?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
CVE-2020-25359 is an arbitrary file deletion vulnerability in rConfig that allows attackers to delete all files with a specific extension in any directory accessible to the web server. Attackers can e...
CVE-2020-23151 is a critical command injection vulnerability in rConfig that allows attackers to execute arbitrary commands on the server. The vulnerability affects rConfig 3.9.5 installations where t...
CVE-2023-39108 is a Server-Side Request Forgery (SSRF) vulnerability in rconfig v3.9.4 that allows authenticated attackers to make arbitrary HTTP requests from the vulnerable server. This affects orga...
CVE-2023-39110 is a Server-Side Request Forgery (SSRF) vulnerability in rconfig v3.9.4 that allows authenticated attackers to make arbitrary HTTP requests from the vulnerable server via the /ajaxGetFi...
This SQL injection vulnerability in rConfig 3.9.7 allows attackers to execute arbitrary SQL commands via the 'command' parameter in ajaxCompareGetCmdDates.php. This could lead to unauthorized data acc...
CVE-2021-29004 is an authenticated SQL injection vulnerability in rConfig 3.9.6 that allows attackers to upload webshells to the server when MySQL's secure-file-priv option is not properly configured....
This vulnerability allows unauthenticated attackers to execute arbitrary code on rConfig servers by uploading a malicious ZIP file to the insecure /updater.php component. It affects all rConfig instal...
This LDAP injection vulnerability in rConfig allows attackers to manipulate LDAP queries by sending crafted POST requests to the login endpoint. Attackers can potentially extract sensitive information...
This SQL injection vulnerability in rConfig 3.9.5 allows attackers to execute arbitrary SQL commands via crafted GET requests to the ajaxDbInstall.php endpoint. This can lead to unauthorized access to...
CVE-2023-24366 is an arbitrary file download vulnerability in rConfig v6.8.0 that allows attackers to download sensitive files from the server via crafted HTTP requests. This affects all organizations...