CyberSec.Space Logo
Back to CVE Browser

CVE-2020-15715

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.1950%
EPSS Percentile0.13th
PublishedJul 28, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter.

Affected Platforms (CPE)

πŸ“¦
Rconfig

Rconfig

= 3.9.5

References & Advisories

πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/184941
πŸ”— https://www.rconfig.com/downloads/v3-release-notes
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/184941
πŸ”— https://www.rconfig.com/downloads/v3-release-notes

Related Vulnerabilities

CVE-2020-102209.8

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchCol...

CVE-2020-108799.8

rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parame...

CVE-2019-166629.8

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerS...

CVE-2020-105469.8

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' pass...