CVE-2020-10221

HIGH KEV

rconfig < 3.9.4 - Authenticated Remote Code Execution via fileName POST Parameter

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2020-10221 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 1 public exploit from researchers including Engin Demirbilek.

AI-analyzed exploit summary This exploit targets an authenticated RCE vulnerability in rConfig <= 3.94 via the 'ajaxAddTemplate.php' endpoint. It sends a reverse shell payload through the 'fileName' parameter after authenticating with provided credentials.

Description

lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.

Exploits (1)

exploitdb WORKING POC
by Engin Demirbilek · pythonwebappsphp
https://www.exploit-db.com/exploits/48207

This exploit targets an authenticated RCE vulnerability in rConfig <= 3.94 via the 'ajaxAddTemplate.php' endpoint. It sends a reverse shell payload through the 'fileName' parameter after authenticating with provided credentials.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: rConfig <= 3.94
Auth required
Prerequisites: Valid credentials for rConfig · Network access to the target · Listener setup for reverse shell
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Scores

CVSS v3 8.8
EPSS 0.3675
EPSS Percentile 98.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-11-03
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2020-2679
CWE
CWE-78
Status published
Products (1)
rconfig/rconfig < 3.9.4
Published Mar 08, 2020
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026