CVE-2023-39108
published 2023-08-01

Priority: P2 (59)
Severity: high, CVSS 3.1 base score 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 2.96% (85.5th percentile)
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.

Affected (1 range)

Vendor    Product    Version range    Fixed in
rconfig   rconfig    3.9.4            not listed

Detection & IOCs (extracted from sources)

path: /classes/compareClass.php
path: /lib/crud/configcompare.crud.php
url: /lib/crud/configcompare.crud.php?path_b=file:///etc/passwd
  • Detect exploitation attempts by monitoring GET requests to /lib/crud/configcompare.crud.php whose path_b parameter carries a file:// or http:// URI scheme (check the URL-decoded value, since the scheme may be percent-encoded).
  • For the file:///etc/passwd proof of concept, a successful response body contains a string matching root:.*:0:0: (i.e., /etc/passwd content), indicating local file read via the SSRF.
  • Shodan/FOFA fingerprinting for exposed rConfig instances can be performed using the HTTP title 'rConfig' or 'rconfig'.
  • The attack requires prior authentication; monitor for a login POST to /lib/crud/userprocess.php followed shortly by a request to /lib/crud/configcompare.crud.php from the same client with a file:// or external URL in path_b.
  • Exploitation requires valid credentials (authenticated attacker); unauthenticated scanning will not reach the vulnerable code path.
  • The vulnerability is specific to rConfig version 3.9.4; the CPE scope is cpe:2.3:a:rconfig:rconfig:3.9.4.
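The detection logic described in the list above, as an added example that is not code from the original page or from the rConfig project: a small Python routine that parses combined-format access-log lines, flags requests to /lib/crud/configcompare.crud.php whose path_b carries a file:// or http(s):// scheme (after percent-decoding), notes whether the same client issued a login POST to /lib/crud/userprocess.php shortly before, and checks a response body for the root:.*:0:0: marker. The sample log lines, client IPs, timestamps and the five-minute login window are constructed assumptions for the example.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample log (Apache/nginx combined-log style); IPs and times are made up.
# The request paths are the IOCs from this advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Aug/2023:10:00:01 +0000] "POST /lib/crud/userprocess.php HTTP/1.1" 302 0
10.0.0.5 - - [01/Aug/2023:10:00:03 +0000] "GET /lib/crud/configcompare.crud.php?path_b=file:///etc/passwd HTTP/1.1" 200 1840
10.0.0.7 - - [01/Aug/2023:10:05:00 +0000] "GET /lib/crud/configcompare.crud.php?path_b=file%3A%2F%2F%2Fetc%2Fpasswd HTTP/1.1" 200 1840
10.0.0.9 - - [01/Aug/2023:10:06:00 +0000] "GET /lib/crud/configcompare.crud.php?path_a=1&path_b=2 HTTP/1.1" 200 512
10.0.0.11 - - [01/Aug/2023:10:07:00 +0000] "GET /lib/crud/configcompare.crud.php?path_b=http://169.254.169.254/ HTTP/1.1" 200 77
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
VULN_PATH = "/lib/crud/configcompare.crud.php"
LOGIN_PATH = "/lib/crud/userprocess.php"
SUSPICIOUS_SCHEMES = ("file", "http", "https")
SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):")
PASSWD_RE = re.compile(r"root:.*:0:0:")  # marker for a successful /etc/passwd read


def parse_line(line):
    """Parse one combined-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def path_b_scheme(target):
    """Return the URI scheme carried by path_b on the vulnerable endpoint, else None.

    parse_qs percent-decodes once; a second unquote catches double-encoded values
    such as file%253A%252F%252F. Only file/http/https are treated as suspicious here.
    """
    parts = urlsplit(target)
    if parts.path != VULN_PATH:
        return None
    for value in parse_qs(parts.query).get("path_b", []):
        decoded = unquote(value).strip().lower()
        m = SCHEME_RE.match(decoded)
        if m and m.group(1) in SUSPICIOUS_SCHEMES:
            return m.group(1)
    return None


def detect_ssrf(log_text, login_window=timedelta(minutes=5)):
    """Return one alert per request with a file:// or http(s):// path_b.

    Each alert records the client IP, the scheme, the HTTP status and whether the
    same IP posted to the login handler within login_window beforehand (the
    authenticated-attacker pattern from the advisory). The window is an assumption.
    """
    last_login = {}
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and urlsplit(rec["target"]).path == LOGIN_PATH:
            last_login[rec["ip"]] = rec["ts"]
            continue
        scheme = path_b_scheme(rec["target"])
        if scheme is None:
            continue
        login_ts = last_login.get(rec["ip"])
        alerts.append({
            "ip": rec["ip"],
            "scheme": scheme,
            "status": int(rec["status"]),
            "after_login": login_ts is not None and rec["ts"] - login_ts <= login_window,
        })
    return alerts


def looks_like_passwd(body):
    """True if a response body contains the root:.*:0:0: indicator of /etc/passwd content."""
    return PASSWD_RE.search(body) is not None


if __name__ == "__main__":
    for alert in detect_ssrf(SAMPLE_LOG):
        print(alert)
    print(looks_like_passwd("root:x:0:0:root:/root:/bin/bash\n"))
```

Run against the constructed log, the routine raises three alerts (the plain and percent-encoded file:// reads and the http:// request toward a metadata-style address) and ignores the benign path_b=2 comparison; only the first alert is preceded by a login from the same client, which is the sequence the last bullet above describes.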