OS command injection vulnerability in rConfig - CVE-2020-10221 - (Linux)
ID: oval:org.secpod.oval:def:81819 | Date: (C)2022-06-30 (M)2022-10-13 |
Class: VULNERABILITY | Family: unix |
The host has rConfig through 3.9.4 installed and is prone to an OS command injection vulnerability. The flaw is in the application's lib/ajaxHandlers/ajaxAddTemplate.php file. Successful exploitation allows remote attackers to execute arbitrary OS commands via shell metacharacters in the fileName POST parameter.