CVE-2023-39110
published 2023-08-01CVE-2023-39110: rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows…
PriorityP259high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
2.75%
84.3th percentile
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rconfig | rconfig | — | — |
Detection & IOCsextracted from sources · hover to see the quote
yara↗
regex: root:.*:0:0:
- →Monitor HTTP GET requests to /lib/ajaxHandlers/ajaxGetFileByPath.php with a 'path' parameter containing file:// or other non-HTTP URI schemes, indicating SSRF/LFI exploitation attempts. ↗
- →Successful exploitation returns /etc/passwd content in the response body; detect responses matching 'root:.*:0:0:' from this endpoint. ↗
- →Shodan/FOFA exposure queries for rConfig instances: search for http.title:'rConfig' or title='rconfig' to identify internet-exposed targets. ↗
- →Attack requires prior authentication; monitor for login attempts to /lib/crud/userprocess.php followed immediately by requests to the vulnerable ajaxGetFileByPath.php endpoint. ↗
- ·Exploitation requires valid credentials; the attack chain is: authenticate via /lib/crud/userprocess.php, then inject a crafted URL (e.g., file://localhost/etc/passwd) into the 'path' parameter of /lib/ajaxHandlers/ajaxGetFileByPath.php. ↗
- ·The vulnerable endpoint path differs slightly between the NVD description (/ajaxGetFileByPath.php) and the actual PoC template (/lib/ajaxHandlers/ajaxGetFileByPath.php); use the full path for detection. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
rConfig 3.9.4 - Server-Side Request Forgery
nuclei·CVSS 8.8
CVE-2023-39110 [HIGH] rConfig 3.9.4 - Server-Side Request Forgery
rConfig 3.9.4 - Server-Side Request Forgery
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.
Template:
id: CVE-2023-39110
info:
name: rConfig 3.9.4 - Server-Side Request Forgery
author: theamanrawat
severity: high
description: |
rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.
impact: |
Authenticated attackers can exploit SSRF through the path parameter in ajaxGetFileByPath.php to read local files and access internal n
No writeups or analysis indexed.
2023-08-01
Published