CVE-2020-10221 - rConfig OS Command Injection Vulnerability

CVE ID:CVE-2020-10221

Project:rConfig

Product:rConfig

Date Added:2021-11-03Due Date:2022-05-03

Vulnerability Name

rConfig OS Command Injection Vulnerability

Description

rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2020-10221