Search Results | AttackerKB

Show filters

Clear All

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

2 Total Results

Displaying 1-2 of 2

Attacker Value

Very High

CVE-2020-10220

Disclosure Date: March 07, 2020 (last updated February 21, 2025)

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.

Attacker Value

Unknown

CVE-2020-10221

Disclosure Date: March 08, 2020 (last updated February 21, 2025)

lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.

Attack Vector: Network Privileges: Low User Interaction: None