Vulnerability Details CVE-2021-29004
rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 78.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://rconfig.com
- https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29004-POC-req.txt
- https://github.com/mrojz/rconfig-exploit/blob/main/README.md
- https://rconfig.com
- http://rconfig.com
- https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29004-POC-req.txt
- https://github.com/mrojz/rconfig-exploit/blob/main/README.md
- https://rconfig.com