Search Results | AttackerKB

Show filters

Topics 2 Users 0

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

2 Total Results

Displaying 1-2 of 2

Attacker Value

Moderate

CVE-2019-19585

Disclosure Date: August 08, 2019 (last updated October 06, 2023)

An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions.

Attack Vector: Local Privileges: Low User Interaction: None

0

Attacker Value

Very High

CVE-2020-10220

Disclosure Date: March 07, 2020 (last updated October 06, 2023)

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.

Attack Vector: Network Privileges: None User Interaction: None

1