CVE-2019-19585

HIGH

rConfig 3.9.3 - Privilege Escalation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-19585. PoCs published by Jean-Pascal Thomas, Orange Cyberdefense, including Metasploit module exploits/linux/http/rconfig_ajaxarchivefiles_rce.

AI-analyzed exploit summary: This Metasploit module exploits a chain of vulnerabilities in rConfig 3.9, including SQL injection for authentication bypass and command injection in the `path` parameter of `ajaxArchiveFiles.php` to achieve remote code execution. It automates the creation of an admin user, authentication, payload execution, and cleanup.

Description

An issue was discovered in rConfig 3.9.3. The install script updates the /etc/sudoers file for rConfig-specific tasks. After an "rConfig specific Apache configuration" update, Apache has high privileges for some binaries. This can be exploited by an attacker to bypass local security restrictions.

Exploits (1)

metasploit WORKING POC GOOD
by Jean-Pascal Thomas, Orange Cyberdefense · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/rconfig_ajaxarchivefiles_rce.rb

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: rConfig 3.9.3 and 3.9.4
No auth needed
Prerequisites: Network access to the target · HTTPS enabled on the target
devstral-2 · analyzed Apr 23, 2026

Scores

CVSS v3 7.8
EPSS 0.0019
EPSS Percentile 41.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-269
Status published
Products (1)
rconfig/rconfig 3.9.3
Published Jan 06, 2020
Tracked Since Feb 18, 2026