CVE-2019-16663

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php, because the catCommand parameter is passed to the exec function without filtering.

Date published: 2019-10-28

https://drive.google.com/open?id=1XmR2MSMb3cKARFk3XxmPkwz6GhAP1JxL

https://drive.google.com/open?id=1kQGmboKfwob4RwlMjnv6ER2Za1GUptOi
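
A detection sketch for the catCommand injection described above, added here as an example and not taken from rConfig or from the advisory: it scans web access log lines for requests to search.crud.php whose decoded catCommand value contains shell metacharacters. The combined log format, the `/example/` path prefix, the sample lines and the assumption that legitimate catCommand values never contain these characters are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Characters a shell treats specially. Assumption: a legitimate catCommand
# value never contains them; tune this set against your own traffic.
SHELL_META = re.compile(r"[;&|`$(){}<>\\\n\r]")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_catcommand(log_line):
    """Return the decoded catCommand value if it looks like injection, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # Match on the script name only; the install path differs per deployment.
    if "search.crud.php" not in url.path:
        return None
    # parse_qs percent-decodes values, so "%3B" and ";" are treated alike.
    for value in parse_qs(url.query, keep_blank_values=True).get("catCommand", []):
        if SHELL_META.search(value):
            return value
    return None

def scan(lines):
    """Return (line number, client address, decoded value) for each hit."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_catcommand(line)
        if value is not None:
            hits.append((number, line.split()[0], value))
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Oct/2019:10:00:01 +0000] "GET /example/search.crud.php?catCommand=PLACEHOLDER HTTP/1.1" 200 512',
    '198.51.100.7 - - [28/Oct/2019:10:00:05 +0000] "GET /example/search.crud.php?catCommand=PLACEHOLDER%3BINJECTED HTTP/1.1" 200 87',
    '198.51.100.7 - - [28/Oct/2019:10:00:09 +0000] "GET /example/search.crud.php?catCommand=PLACEHOLDER%24%28INJECTED%29 HTTP/1.1" 200 87',
    '203.0.113.4 - - [28/Oct/2019:10:01:00 +0000] "GET /example/other.php?catCommand=a%3Bb HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, client, value in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent catCommand={value!r}")
```

A hit shows that an injection-shaped request reached the server, not that it succeeded; confirm the installed rConfig version before treating it as a compromise.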