Security Advisory

CVE-2019-16663

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-10-28 11:53:02

Last updated 2024-08-05 01:17:41

Assigner mitre

State PUBLISHED

Description

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.

← Browse all CVEs View on cve.org ↗