CVE-2021-29004 - OpenCVE

rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Rconfig	Rconfig

Configuration 1 [-]

cpe:2.3:a:rconfig:rconfig:3.9.6:*:*:*:*:*:*:*

References

Link	Resource
http://rconfig.com	Vendor Advisory
https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29004-POC-req.txt	Third Party Advisory
https://github.com/mrojz/rconfig-exploit/blob/main/README.md	Third Party Advisory
https://rconfig.com	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-10-11T11:58:33

Updated: 2021-10-11T11:58:33

Reserved: 2021-03-22T00:00:00

Link: CVE-2021-29004

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-10-11T12:15:07.587

Modified: 2021-10-16T01:15:50.480

Link: CVE-2021-29004

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-11T11:58:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://rconfig.com"}, {"tags": ["x_refsource_MISC"], "url": "https://rconfig.com"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29004-POC-req.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mrojz/rconfig-exploit/blob/main/README.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-29004", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://rconfig.com", "refsource": "MISC", "url": "http://rconfig.com"}, {"name": "https://rconfig.com", "refsource": "MISC", "url": "https://rconfig.com"}, {"name": "https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29004-POC-req.txt", "refsource": "MISC", "url": "https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29004-POC-req.txt"}, {"name": "https://github.com/mrojz/rconfig-exploit/blob/main/README.md", "refsource": "MISC", "url": "https://github.com/mrojz/rconfig-exploit/blob/main/README.md"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-29004", "datePublished": "2021-10-11T11:58:33", "dateReserved": "2021-03-22T00:00:00", "dateUpdated": "2021-10-11T11:58:33", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rconfig:rconfig:3.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "EE354F1A-34B3-459F-8C80-CBC86C9746B7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely."}, {"lang": "es", "value": "rConfig versi\u00f3n 3.9.6, est\u00e1 afectado por una inyecci\u00f3n SQL. Un usuario debe estar autenticado para explotar la vulnerabilidad. Si --secure-file-priv en el servidor MySQL no est\u00e1 configurado y el servidor Mysql es el mismo que rConfig, un atacante puede cargar con \u00e9xito un webshell en el servidor y acceder a \u00e9l de forma remota"}], "id": "CVE-2021-29004", "lastModified": "2021-10-16T01:15:50.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-11T12:15:07.587", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://rconfig.com"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/mrojz/rconfig-exploit/blob/main/CVE-2021-29004-POC-req.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/mrojz/rconfig-exploit/blob/main/README.md"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://rconfig.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}