Main Vulnerability Database Exploits ID:5737 - Exploit for OS Command Injection in rConfig - CVE-2019-19509

ID:5737 - Exploit for OS Command Injection in rConfig - CVE-2019-19509

Published: June 17, 2021

Vulnerability identifier: #VU26097

Vulnerability risk: Low

CVE-ID: CVE-2019-19509

CWE-ID: CWE-78

Exploitation vector: Remote access

Vulnerable software:
rConfig

Link to public exploit:

https://www.exploit-db.com/exploits/48261/

Vulnerability description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to absent filtration of user-supplied data passed to ajaxArchiveFiles.php script. A remote authenticated user can send a specially crafted HTTP GET request to the affected script and execute arbitrary OS commands on the target system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

ID:5737 - Exploit for OS Command Injection in rConfig - CVE-2019-19509

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human