CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-15715

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.1950%
EPSS Percentile0.13th
Published2020年7月28日
Last Modified2024年11月21日

Vulnerability Description

rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter.

Affected Platforms (CPE)

📦
Rconfig

Rconfig

= 3.9.5

References & Advisories

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/184941
🔗 https://www.rconfig.com/downloads/v3-release-notes
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/184941
🔗 https://www.rconfig.com/downloads/v3-release-notes

相关漏洞威胁

CVE-2020-102209.8

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchCol...

CVE-2020-108799.8

rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parame...

CVE-2019-166629.8

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerS...

CVE-2020-105469.8

rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' pass...