CVE-2023-39110: SSRF
First published: Tue Aug 01 2023(Updated: )
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rConfig rConfig | =3.9.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-39110?
CVE-2023-39110 refers to a Server-Side Request Forgery (SSRF) vulnerability in rconfig v3.9.4.
How does the vulnerability in rconfig v3.9.4 work?
The vulnerability allows authenticated attackers to make arbitrary requests by injecting crafted URLs through the path parameter in /ajaxGetFileByPath.php.
What is the severity of CVE-2023-39110?
The severity of CVE-2023-39110 is high with a CVSS score of 8.8.
What software version is affected by CVE-2023-39110?
rconfig v3.9.4 is affected by CVE-2023-39110.
How can I fix CVE-2023-39110?
To fix CVE-2023-39110, it is recommended to update rconfig to a version that addresses the SSRF vulnerability.
- collector/nvd-latest
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/tags
- agent/description
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/rconfig
- canonical/rconfig rconfig
- version/rconfig rconfig/3.9.4