CVE-2021-29004

Summary

rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If –secure-file-priv in MySQL server is not set and the Mysql server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely.

Affected Software

VendorProductVersion RangeStatus
n/an/an/aaffected

Weaknesses

  • n/a

ADP Enrichment

CVE Program Container

Additional References

References