rConfig: CVE-2020-10221: Improper Neutralization of Special Elements used in an OS Command
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Mar 8, 2020 | Sep 1, 2025 | Sep 1, 2025 |
Description
lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.
Solution
rconfig-upgrade-latest
References
- CVE-2020-10221
- https://attackerkb.com/topics/CVE-2020-10221
- http://packetstormsecurity.com/files/156687/rConfig-3.93-Authenticated-Remote-Code-Execution.html
- https://cwe.mitre.org/data/definitions/78.html
- https://engindemirbilek.github.io/rconfig-3.93-rce
- https://github.com/EnginDemirbilek/EnginDemirbilek.github.io/blob/master/rconfig-3.93-rce.html
- CWE-78