Описание
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Product
- ExploitTechnical DescriptionThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- Product
- ExploitTechnical DescriptionThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:rconfig:rconfig:3.9.2:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.93721
Критический
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.
EPSS
Процентиль: 100%
0.93721
Критический
8.8 High
CVSS3
9 Critical
CVSS2
Дефекты
CWE-78