module
rConfig install Command Execution
| Disclosed |
|---|
| Oct 28, 2019 |
Disclosed
Oct 28, 2019
Description
This module exploits an unauthenticated command injection vulnerability
in rConfig versions 3.9.2 and prior. The `install` directory is not
automatically removed after installation, allowing unauthenticated users
to execute arbitrary commands via the `ajaxServerSettingsChk.php` file
as the web server user.
This module has been tested successfully on rConfig version 3.9.2 on
CentOS 7.7.1908 (x64).
in rConfig versions 3.9.2 and prior. The `install` directory is not
automatically removed after installation, allowing unauthenticated users
to execute arbitrary commands via the `ajaxServerSettingsChk.php` file
as the web server user.
This module has been tested successfully on rConfig version 3.9.2 on
CentOS 7.7.1908 (x64).
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.