vikingfr

6 exploits Active since Jan 2020
CVE-2019-19509 WRITEUP HIGH WORKING POC
rConfig 3.9.3 - Authenticated OS Command Injection via ajaxArchiveFiles.php Path Parameter
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.
CVSS 8.8
CVE-2020-10220 WRITEUP CRITICAL WORKING POC
Rconfig 3.x Chained Remote Code Execution
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
CVSS 9.8
CVE-2019-19585 WRITEUP HIGH WRITEUP
rConfig 3.9.3 - Privilege Escalation
An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rconfig specific tasks. After an "rConfig specific Apache configuration" update, apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions.
CVSS 7.8
CVE-2020-10220 EXPLOITDB CRITICAL python WORKING POC
Rconfig 3.x Chained Remote Code Execution
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
CVSS 9.8
CVE-2019-19509 EXPLOITDB HIGH python WORKING POC
rConfig 3.9.3 - Authenticated OS Command Injection via ajaxArchiveFiles.php Path Parameter
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.
CVSS 8.8
EIP-2026-111691 EXPLOITDB python WORKING POC
rConfig 3.9.4 - 'searchField' Unauthenticated Root Remote Code Execution