CVE-2020-10221
CVE-2020-10221
In short
rConfig versions up to 3.94 contain a vulnerability where an attacker can execute arbitrary operating system commands by inserting malicious code into the fileName field when adding a template. This happens because the application doesn't properly sanitize user input before passing it to system commands.
Technical detail
CWE-78 OS Command Injection in lib/ajaxHandlers/ajaxAddTemplate.php allows unauthenticated remote attackers to execute arbitrary OS commands via unsanitized shell metacharacters in the fileName POST parameter. The vulnerable code directly uses user input without proper escaping or validation before command execution, enabling command chaining and arbitrary payload execution.
Summary generated and translated by AI from the official description.
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/156687/rConfig-3.93-Authenticated-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48207unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/156687/rConfig-3.93-Authenticated-Remote-Code-Execution.htmlhttps://cwe.mitre.org/data/definitions/78.htmlhttps://engindemirbilek.github.io/rconfig-3.93-rcehttps://github.com/EnginDemirbilek/EnginDemirbilek.github.io/blob/master/rconfig-3.93-rce.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-10221