CVE-2020-10221: rConfig OS Command Injection Vulnerability
First published: Sun Mar 08 2020(Updated: )
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rConfig rConfig | <=3.9.4 | |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this rConfig vulnerability?
The vulnerability ID for this rConfig vulnerability is CVE-2020-10221.
What is the title of this vulnerability?
The title of this vulnerability is rConfig OS Command Injection Vulnerability.
What is the description of this vulnerability?
The rConfig lib/ajaxHandlers/ajaxAddTemplate.php file contains an OS command injection vulnerability that allows remote attackers to execute OS commands by exploiting shell metacharacters in the fileName POST parameter.
Which software is affected by this vulnerability?
The rConfig software, specifically versions up to and including 3.9.4, is affected by this vulnerability.
What is the severity of this vulnerability?
The severity of this vulnerability is critical with a CVSS score of 8.8.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- collector/nvd-index
- vendor/rconfig
- canonical/rconfig rconfig
- version/rconfig rconfig/3.9.4