Vulnerabilities

CVE-2019-16662

by Fred · 28/10/2019

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.

Date published : 2019-10-28

http://packetstormsecurity.com/files/154999/rConfig-3.9.2-Remote-Code-Execution.html

http://packetstormsecurity.com/files/155186/rConfig-3.9.2-Command-Injection.html

Similar

Tags: Cybersecurity Alert