Security Advisory

CVE-2019-16662

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-10-28 11:52:13

Last updated 2024-08-05 01:17:41

Assigner mitre

State PUBLISHED

Description

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.

← Browse all CVEs View on cve.org ↗