THREATOPS
THREAT OPSCVEs › CVE-2020-10221

CVE-2020-10221 — rConfig OS Command Injection Vulnerability

CISA KEVExploited: confirmedrConfig

rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter.

Vulnerability details