PT-2019-15783 · Rconfig · Rconfig
Publicado
2019-11-21
·
Atualizado
2019-11-26
·
CVE-2019-19207
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
rConfig version 3.9.2
Description
The issue allows for SQL injection through the
devices.php endpoint, specifically when the searchColumn parameter is manipulated. This can potentially lead to unauthorized access or modification of database content.Recommendations
For rConfig version 3.9.2, consider restricting access to the
devices.php endpoint until a patch is available, or avoid using the searchColumn parameter in this endpoint to minimize the risk of exploitation.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Rconfig