CVE-2019-19509

HIGH EXPLOITED IN THE WILD

rConfig <3.9.3 - Command Injection

Title source: llm

Description

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.

Exploits (3)

exploitdb WORKING POC VERIFIED

by vikingfr · pythonwebappsphp

https://www.exploit-db.com/exploits/47982

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by Jean-Pascal Thomas, Orange Cyberdefense · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/rconfig_ajaxarchivefiles_rce.rb

View Code ZIP pw:eip

exploitdb WORKING POC

rubyremotelinux

https://www.exploit-db.com/exploits/48223

View Code ZIP pw:eip

References (6)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/156146/rConfig-3.9.3-Remote-Code-Execution.html

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/156766/Rconfig-3.x-Chained-Remote-Code-Execution.html

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/156950/rConfig-3.9.4-searchField-Remote-Code-Execution.html

[Exploit, Third Party Advisory] https://github.com/v1k1ngfr

[Exploit, Third Party Advisory] https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_CVE-2019-19509.py

[Broken Link] https://raw.githubusercontent.com/v1k1ngfr/exploits/master/rconfig_exploit.py?token=

Scores

CVSS v3 8.8

EPSS 0.9190

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2020-12-14

InTheWild.io 2020-11-10

CWE

CWE-78

Status published

Products (1)

rconfig/rconfig 3.9.3

Published Jan 06, 2020

Tracked Since Feb 18, 2026