CVE-2020-10220

CRITICAL NUCLEI

Rconfig 3.x Chained Remote Code Execution

Title source: metasploit

Description

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/48223
exploitdb WORKING POC
by vikingfr · python · webapps · php
https://www.exploit-db.com/exploits/48208
nomisec WORKING POC
by CSpanias · poc
https://github.com/CSpanias/rConfig_rce
metasploit WORKING POC GOOD
by Jean-Pascal Thomas, Orange Cyberdefense · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/rconfig_ajaxarchivefiles_rce.rb

Nuclei Templates (1)

rConfig 3.9 - SQL Injection
CRITICAL VERIFIED by ritikchaddha, theamanrawat
Shodan: title:"rConfig" || http.title:"rconfig"
FOFA: title="rconfig"

Scores

CVSS v3 9.8
EPSS 0.9426
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
rconfig/rconfig < 3.9.4
Published Mar 07, 2020
Tracked Since Feb 18, 2026