漏洞描述
rConfig是用PHP编写的开源网络设备配置工具,根据该项目的网站,rConfig被用于管理超过330万个网络设备。安全研究人员在rConfig工具中发现未修复的关键RCE漏洞,ajaxServerSettingsChk.php中未经身份验证的RCE(CVE-2019-16662)。攻击者可通过GET参数访问文件并在目标服务器上执行恶意命令。
rConfig远程命令执行漏洞(CVE-2019-16662)
PoC代码
暂无相关漏洞推荐
-
CVE-2019-16662: rConfig 3.9.2 - Remote Code Execution POC
2025-08-01 | rConfig 3.9.2rConfig 3.9.2 is susceptible to a remote code execution vulnerability. An attacker can directly exec... -
CVE-2020-10220: rConfig 3.9 - SQL Injection POC
2025-08-01 | rConfig 3.9An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via ... -
CVE-2020-10546: rConfig 3.9.4 - SQL Injection POC
2025-08-01 | rConfig 3.9.4rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. B... -
CVE-2019-0193: Apache Solr Remote Code Execution POC
2025-09-01 | Apache Solr2019 年 08 月 01 日,Apache Solr 官方发布预警,Apache Solr DataImport 功能 在开启 Debug 模式时,可以接收来自请求的”dataConfig”参数,... -
CVE-2019-0230: Apache Struts <=2.5.20 - Remote Code Execution S2-059 POC
2025-09-01 | Apache StrutsApache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag ...