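Vulnerability description: rConfig 3.9.4 and earlier versions have an unauthenticated SQL injection in compliancepolicies.inc.php. Because node passwords are stored in cleartext by default, this vulnerability leads to lateral movement, giving the attacker access to the monitored network devices.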