Show filters

Showing topic results for "CVE-2019-16662":

(1-1 of 1)

Sort by:
Attacker Value
Very High

CVE-2019-16662

Disclosure Date: October 28, 2019 (last updated July 30, 2020)
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.