CVE-2020-10220
CVE-2020-10220
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
Productos afectados
n/a · n/aPoCs públicas encontradas — 6
githubgithub.com/CSpanias/rConfig_rce★ 0cve_referencepacketstormsecurity.com/files/156688/rConfig-3.9-SQL-Injection.htmlno verificadocve_referencepacketstormsecurity.com/files/156766/Rconfig-3.x-Chained-Remote-Code-Execution.htmlno verificadocve_referencepacketstormsecurity.com/files/156950/rConfig-3.9.4-searchField-Remote-Code-Execution.htmlno verificadoexploitdbwww.exploit-db.com/exploits/48223no verificadoexploitdbwww.exploit-db.com/exploits/48208no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://packetstormsecurity.com/files/156688/rConfig-3.9-SQL-Injection.htmlhttp://packetstormsecurity.com/files/156766/Rconfig-3.x-Chained-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/156950/rConfig-3.9.4-searchField-Remote-Code-Execution.htmlhttps://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_CVE-2020-10220.pyhttps://github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_sqli.py