CSpanias

2 exploits Active since Mar 2020

CVE-2022-35411 NOMISEC CRITICAL WORKING POC

Rpc.py < 0.6.0 - Insufficiently Protected Credentials

rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.

2 stars

CVSS 9.8

View Code

CVE-2020-10220 NOMISEC CRITICAL WORKING POC

Rconfig 3.x Chained Remote Code Execution

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.

CVSS 9.8

View Code