module

rConfig Vendors Auth File Upload RCE

Disclosed
2021-03-17

Description

This module allows an attacker with a privileged rConfig account to start a reverse shell
by exploiting an arbitrary file upload vulnerability in `/lib/crud/vendors.crud.php`.
The uploaded payload can then be triggered by a request to `images/vendor/.php`.
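
The upload-then-request sequence described above leaves a recognizable trace in web server access logs. The following detection logic is an added example, not code from the module or from rConfig: it flags requests for script files under the vendor image directory and notes whether the same client posted to the upload endpoint shortly before. The Combined Log Format, the 30-minute window, the extra script extensions and the sample log lines are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote, urlsplit

# Paths named in the module description (matched as suffix/substring so a
# sub-directory install is still covered).
UPLOAD_ENDPOINT = "/lib/crud/vendors.crud.php"
UPLOAD_DIR = "/images/vendor/"
# Assumption: extensions a PHP handler commonly executes; the page only names .php.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Assumption: Combined Log Format; adjust the pattern for other formats.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
WINDOW = timedelta(minutes=30)  # assumed correlation window

def find_upload_then_execute(lines):
    """Return one alert per script request under the vendor image directory,
    marking whether the same client POSTed to the upload endpoint within WINDOW."""
    last_upload = {}  # client IP -> time of its most recent upload POST
    alerts = []
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, target, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        # Drop the query string and decode %-escapes before matching.
        path = unquote(urlsplit(target).path)
        if method == "POST" and path.endswith(UPLOAD_ENDPOINT):
            last_upload[ip] = when
        elif UPLOAD_DIR in path and SCRIPT_EXT.search(path):
            prior = last_upload.get(ip)
            correlated = prior is not None and when - prior <= WINDOW
            alerts.append({"ip": ip, "path": path, "status": int(status),
                           "preceded_by_upload": correlated})
    return alerts

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [17/Mar/2021:10:00:01 +0000] "POST /lib/crud/vendors.crud.php HTTP/1.1" 302 0 "-" "-"',
    '203.0.113.7 - - [17/Mar/2021:10:00:03 +0000] "GET /images/vendor/logo%2Ephp?x=1 HTTP/1.1" 200 12 "-" "-"',
    '198.51.100.4 - - [17/Mar/2021:10:05:00 +0000] "GET /images/vendor/cisco.jpg HTTP/1.1" 200 4096 "-" "-"',
    '198.51.100.9 - - [17/Mar/2021:11:00:00 +0000] "GET /images/vendor/old.PHP HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for alert in find_upload_then_execute(SAMPLE):
        print(alert)
```

An alert with `preceded_by_upload` set and a 200 status is the strongest signal; any script file in a directory meant to hold only vendor logos deserves review on its own.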