CyberSec.Space Logo
Back to CVE Browser

CVE-2020-10221

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score52.2880%
EPSS Percentile96.82th
PublishedMar 8, 2020
Last ModifiedNov 7, 2025

Vulnerability Description

lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.

Affected Platforms (CPE)

πŸ“¦
Rconfig

Rconfig

<= 3.9.4

References & Advisories

πŸ”— http://packetstormsecurity.com/files/156687/rConfig-3.93-Authenticated-Remote-Code-Execution.html
πŸ”— https://cwe.mitre.org/data/definitions/78.html
πŸ”— https://engindemirbilek.github.io/rconfig-3.93-rce
πŸ”— https://github.com/EnginDemirbilek/EnginDemirbilek.github.io/blob/master/rconfig-3.93-rce.html
πŸ”— http://packetstormsecurity.com/files/156687/rConfig-3.93-Authenticated-Remote-Code-Execution.html
πŸ”— https://cwe.mitre.org/data/definitions/78.html
πŸ”— https://engindemirbilek.github.io/rconfig-3.93-rce
πŸ”— https://github.com/EnginDemirbilek/EnginDemirbilek.github.io/blob/master/rconfig-3.93-rce.html

Related Vulnerabilities

CVE-2020-157159.9

rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the sear...

CVE-2020-108799.8

rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parame...

CVE-2019-166629.8

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerS...

CVE-2020-102209.8

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchCol...