Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Very High

CVE-2020-10220

Disclosure Date: March 07, 2020 (last updated October 06, 2023)
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
Attacker Value
Very High

CVE-2020-10548

Disclosure Date: June 04, 2020 (last updated October 06, 2023)
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
Attacker Value
Very High

CVE-2020-10546

Disclosure Date: June 04, 2020 (last updated October 06, 2023)
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
Attacker Value
Very High

CVE-2020-10549

Disclosure Date: June 04, 2020 (last updated October 06, 2023)
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
Attacker Value
Very High

CVE-2020-10547

Disclosure Date: June 04, 2020 (last updated October 06, 2023)
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.