rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If –secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely.

Source: CVE-2021-29004

댓글 남기기

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다

Time limit is exhausted. Please reload the CAPTCHA.