rConfig 3.9.6

CPE Details

rConfig 3.9.6
rconfig
rconfig
3.9.6
2021-08-21
01h57 +00:00
2022-11-04
21h50 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:rconfig:rconfig:3.9.6:*:*:*:*:*:*:*

Informations

Vendor

rconfig

Product

rconfig

Version

3.9.6

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2022-44384 2022-11-17 00h00 +00:00 An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file.
8.8
Haute
CVE-2021-29005 2021-10-11 10h04 +00:00 Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server.
8.8
Haute
CVE-2021-29006 2021-10-11 10h02 +00:00 rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.
6.5
Moyen
CVE-2021-29004 2021-10-11 09h58 +00:00 rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely.
8.8
Haute
CVE-2020-27466 2021-08-20 16h10 +00:00 An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file.
7.8
Haute
CVE-2020-27464 2021-08-20 16h10 +00:00 An insecure update feature in the /updater.php component of rConfig 3.9.6 and below allows attackers to execute arbitrary code via a crafted ZIP file.
7.8
Haute
CVE-2020-13638 2020-11-13 18h53 +00:00 lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.
9.8
Critique
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.