theguly/exploits

Releases0

Stars1

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-13778 ↗	Oct 19, 2020Monday, 19 October 2020, 13:15	8.8 HIGH	9 HIGH
rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.
CVE-2020-10548 ↗	Jun 4, 2020Thursday, 4 June 2020, 04:15	9.8 CRITICAL	7.5 HIGH
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10549 ↗	Jun 4, 2020Thursday, 4 June 2020, 04:15	9.8 CRITICAL	7.5 HIGH
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10546 ↗	Jun 4, 2020Thursday, 4 June 2020, 04:15	9.8 CRITICAL	7.5 HIGH
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10547 ↗	Jun 4, 2020Thursday, 4 June 2020, 04:15	9.8 CRITICAL	7.5 HIGH
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.