CVE-2022-44384

HIGH

rconfig 3.9.6 - Arbitrary File Upload and Remote Code Execution via PHP File

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-44384. PoCs published by Vishwaraj Bhattrai, MURAT ŞEKER, VISHWARAJ BHATTRAI, including Metasploit module exploits/linux/http/rconfig_vendors_auth_file_upload_rce.

AI-analyzed exploit summary This exploit demonstrates an authenticated arbitrary file upload vulnerability in rConfig v3.9.6, leading to remote code execution. It bypasses file upload restrictions by uploading a malicious PHP file disguised as an image, then executes arbitrary commands via a crafted GET request.

Description

An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file.

Exploits (2)

exploitdb WORKING POC

by Vishwaraj Bhattrai · pythonwebappsphp

https://www.exploit-db.com/exploits/49783

View Code ZIP pw:eip

This exploit demonstrates an authenticated arbitrary file upload vulnerability in rConfig v3.9.6, leading to remote code execution. It bypasses file upload restrictions by uploading a malicious PHP file disguised as an image, then executes arbitrary commands via a crafted GET request.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: rConfig <= v3.9.6

Auth required

Prerequisites: Valid credentials for rConfig (default: admin/admin) · Network access to the target server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by MURAT ŞEKER, VISHWARAJ BHATTRAI · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/rconfig_vendors_auth_file_upload_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits an arbitrary file upload vulnerability in rConfig's vendors.crud.php to achieve remote code execution. It authenticates with admin credentials, uploads a malicious PHP file, and triggers it via a GET request.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: rConfig <= 3.9.6

Auth required

Prerequisites: Valid admin credentials · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry

https://www.exploit-db.com/exploits/49783

Scores

CVSS v3 8.8

EPSS 0.0501

EPSS Percentile 91.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

rconfig/rconfig 3.9.6

Published Nov 17, 2022

Tracked Since Feb 18, 2026