Rconfig: community verdicts
3 notable / known-exploited Rconfig CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Rconfig CVE, see NVD ↗.
- CVE-2021-29006MED 6.5EPSS 7%
rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.
- CVE-2021-29004HIGH 8.8Real · low riskEPSS 2%
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely.
- CVE-2021-29005HIGH 8.8Real · low riskEPSS 2%
Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gain root access on server.