Cybersecurity Alerts

rConfig OS Command Injection Vulnerability

rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-78

References

• https://nvd.nist.gov/vuln/detail/CVE-2020-10221