Security Advisory

CVE-2019-19509

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-01-06 19:27:27

Last updated 2024-08-05 02:16:48

Assigner mitre

State PUBLISHED

Description

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.

← Browse all CVEs View on cve.org ↗