Search Results | AttackerKB

3 Total Results

Displaying 1-3 of 3

Attacker Value

Very High

CVE-2019-16662

Disclosure Date: October 28, 2019 (last updated November 27, 2024)

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.

Attacker Value

Unknown

CVE-2019-19207

Disclosure Date: November 21, 2019 (last updated November 27, 2024)

rConfig 3.9.2 allows devices.php?searchColumn= SQL injection.

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2019-16663

Disclosure Date: October 28, 2019 (last updated November 27, 2024)

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.

Attack Vector: Network Privileges: Low User Interaction: None

3 Total Results

Displaying 1-3 of 3

Very High

CVE-2019-16662

Unknown

CVE-2019-19207

Unknown

CVE-2019-16663

Quick Cookie Notification