Command Execution Vulnerability in rConfig 3.9.3

CVE-2019-19509 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.
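A defender's check for this issue, as an added example (not rConfig's code and not part of the original advisory): it scans web-server access logs for GET requests to ajaxArchiveFiles.php whose decoded path value contains shell metacharacters. The Combined Log Format, the sample log lines, the URL prefix and the metacharacter set are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Characters that let a value break out of a command line handed to exec().
# The exact set is an assumption; tune it to what your legitimate paths contain.
SHELL_META = re.compile(r"[;&|`$<>\n\r(){}]")

# Combined Log Format: capture client, method, request target and status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Constructed sample lines (documentation IP range, placeholder URL prefix).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] '
    '"GET /ajaxArchiveFiles.php?path=/tmp/archive HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Jan/2020:10:05:00 +0000] '
    '"GET /ajaxArchiveFiles.php?path=/tmp/archive%3Bexample HTTP/1.1" 200 64',
    '192.0.2.10 - - [01/Jan/2020:10:06:00 +0000] '
    '"GET /dashboard.php?path=a%3Bb HTTP/1.1" 200 900',
]


def suspicious_requests(lines):
    """Return (client, status, decoded path value) for each flagged request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, method, target, status = m.groups()
        url = urlsplit(target)
        if method != "GET" or not url.path.endswith("/ajaxArchiveFiles.php"):
            continue  # only the endpoint named in the advisory
        # parse_qs percent-decodes, so an encoded %3B is seen as ';'.
        for value in parse_qs(url.query, keep_blank_values=True).get("path", []):
            if SHELL_META.search(value):
                hits.append((client, int(status), value))
    return hits


if __name__ == "__main__":
    for client, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status} path={value!r}")
```

Because the issue requires an authenticated user, a hit is worth correlating with the session or account that issued the request.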
