rConfig version 3.9.4 searchField unauthenticated remote root code execution exploit.
286d169b9325c701681f3ca01b90d56974a51fe70471f6d1ba94a2d175b1f7a8
This Metasploit module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the payload. Valid credentials for a user with administrative privileges are required. However, this module can bypass authentication via SQL injection.
0b63805ab8f2162cb70c5931c392c85432cadbdd98208528d5861e068261cd6c
rConfig version 3.9.3 suffers from an authenticated remote code execution vulnerability.
0f26c86a269bf983f144de86b9776ac084b92fb228ce91852dc3bc38419b270e