Vulnerability feed

Vulnerability

CVE-2019-19509

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2019-19509
Description:: An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.
Last updated date:: 01/31/2023

Reports

alt

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 11/10/2020
Reference url to background: https://blogs.juniper.net/en-us/threat-research/everything-but-the-kitchen-sink-more-attacks-from-the-gitpaste-12-worm

Type:: exploit
Confidence:: HIGH
Date of publishing:: 01/30/2020
Reference url to background: https://www.exploit-db.com/exploits/47982

Type:: exploit
Confidence:: HIGH
Date of publishing:: 01/30/2020
Reference url to background: https://github.com/v1k1ngfr

Type:: exploit
Confidence:: HIGH
Date of publishing:: 01/30/2020
Reference url to background: https://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_CVE-2019-19509.py

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/24/2021
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/rconfig_ajaxarchivefiles_rce.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 01/31/2023
Reference url to background: http://packetstormsecurity.com/files/156146/rConfig-3.9.3-Remote-Code-Execution.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 01/31/2023
Reference url to background: http://packetstormsecurity.com/files/156766/Rconfig-3.x-Chained-Remote-Code-Execution.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 01/31/2023
Reference url to background: http://packetstormsecurity.com/files/156950/rConfig-3.9.4-searchField-Remote-Code-Execution.html

Vulnerability Feed Contributors About Blog

@inTheWild

©2024 |