cbcvebase.
CVE-2023-39109
published 2023-08-01


Priority: P2 (59) · Severity: High · CVSS 3.1 base score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit available
EPSS: 2.96% (85.5th percentile)
rConfig v3.9.4 contains a Server-Side Request Forgery (SSRF) in the doDiff function of /classes/compareClass.php: the path_a parameter is used as a URL without restriction, so an authenticated attacker who supplies a crafted value (for example a file:// or http:// URI) can make the server issue arbitrary requests on their behalf. Per the IOCs below, the parameter is reachable through the /lib/crud/configcompare.crud.php endpoint.

Affected (1 range)

Vendor    Product   Version range   Fixed in
rconfig   rconfig   3.9.4           (not listed)

Detection & IOCs (extracted from sources)

path: /classes/compareClass.php
path: /lib/crud/configcompare.crud.php
url:  /lib/crud/configcompare.crud.php?path_a=file:///etc/passwd
  • Detect exploitation attempts by monitoring HTTP GET requests to /lib/crud/configcompare.crud.php whose path_a parameter carries a file:// URI scheme; this indicates an attempt to read local files through the SSRF.
  • Successful exploitation is confirmed if an HTTP 200 response body matches the pattern 'root:.*:0:0:', i.e. the content of /etc/passwd was returned by the server.
  • The Shodan query http.title:"rConfig" and the FOFA query title="rconfig" identify exposed rConfig instances for proactive asset discovery; a title match does not establish the running version.
  • The attack requires prior authentication; correlate a login POST to /lib/crud/userprocess.php with a GET to /lib/crud/configcompare.crud.php from the same client shortly afterwards whose path_a value starts with file:// or http://.
  • Exploitation requires valid credentials; the SSRF is only reachable by authenticated users, so unauthenticated scanning will not reach the vulnerable code path.
  • The CVE is assigned to rConfig version 3.9.4; scoping the detection to confirmed deployments of that version reduces false positives, at the cost of not alerting on the same probes against other versions.
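The detection logic described in the list above, as one script: it parses web-server access logs, flags GET requests to the compare endpoint whose path_a value carries a URI scheme, records whether the same client POSTed to the login handler shortly before (the login-then-compare sequence), and checks a response body for the 'root:.*:0:0:' pattern. This is an added example, not code from the rConfig project or from the sources the IOCs were taken from. Assumptions: the logs are in Apache/nginx "combined" format, the 60-second login window is an arbitrary default, and the sample log lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Endpoints named in the IOC list.
LOGIN_PATH = "/lib/crud/userprocess.php"
VULN_PATH = "/lib/crud/configcompare.crud.php"

# Apache/nginx "combined" format, matched up to the status code; the rest is ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Any absolute URI scheme in path_a (file://, http://, ...) is what the SSRF needs.
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*)://")
# Pattern from the IOC list that confirms /etc/passwd content came back.
PASSWD_RE = re.compile(r"root:.*:0:0:")

# Constructed sample traffic, not captured data. 203.0.113.7 logs in and two
# seconds later fetches file:///etc/passwd; 198.51.100.9 points path_a at an
# internal HTTP service with no visible login; 192.0.2.4 is an ordinary compare.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Aug/2023:10:00:01 +0000] "POST /lib/crud/userprocess.php HTTP/1.1" 302 0 "-" "curl/8.1.0"
203.0.113.7 - - [01/Aug/2023:10:00:03 +0000] "GET /lib/crud/configcompare.crud.php?path_a=file:///etc/passwd&path_b=x HTTP/1.1" 200 1843 "-" "curl/8.1.0"
198.51.100.9 - - [01/Aug/2023:10:05:00 +0000] "GET /lib/crud/configcompare.crud.php?path_a=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 200 512 "-" "python-requests/2.31.0"
192.0.2.4 - - [01/Aug/2023:10:06:00 +0000] "GET /lib/crud/configcompare.crud.php?path_a=router1.cfg&path_b=router2.cfg HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the fields needed from one combined-format log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def extract_path_a(target):
    """Percent-decoded path_a value from a request target, or None if absent."""
    values = parse_qs(urlsplit(target).query).get("path_a")
    return values[0] if values else None


def uri_scheme(value):
    """Lower-cased URI scheme if `value` is an absolute URI, else None."""
    m = SCHEME_RE.match(value or "")
    return m.group(1).lower() if m else None


def detect(log_text, login_window=timedelta(seconds=60)):
    """Flag GETs to the compare endpoint whose path_a carries a URI scheme.

    Each alert records whether the same client IP POSTed to the login handler
    within `login_window` beforehand (the sequence the IOC list describes).
    """
    last_login = {}  # client IP -> timestamp of its most recent login POST
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = urlsplit(rec["target"]).path
        if rec["method"] == "POST" and path == LOGIN_PATH:
            last_login[rec["ip"]] = rec["ts"]
            continue
        if rec["method"] != "GET" or path != VULN_PATH:
            continue
        path_a = extract_path_a(rec["target"])
        scheme = uri_scheme(path_a)
        if scheme is None:
            continue  # plain filename: ordinary config compare, not SSRF
        login_ts = last_login.get(rec["ip"])
        post_login = (login_ts is not None
                      and timedelta(0) <= rec["ts"] - login_ts <= login_window)
        alerts.append({
            "ip": rec["ip"],
            "ts": rec["ts"].isoformat(),
            "scheme": scheme,
            "path_a": path_a,
            "status": rec["status"],
            "post_login": post_login,
        })
    return alerts


def confirms_passwd_leak(status, body):
    """True when a 200 response body matches the /etc/passwd root-entry pattern."""
    return status == 200 and PASSWD_RE.search(body) is not None


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Run against the constructed log, the script raises two alerts: the file:// request from 203.0.113.7 with post_login set, and the http:// request from 198.51.100.9 without a correlated login. The scheme check is deliberately broader than the file:// and http:// values the IOCs name, since any absolute URI in path_a is what the SSRF consumes; the login correlation is evidence the request came from an authenticated session, not a prerequisite for the alert, because the login may have happened outside the log window you are searching.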