← back
CVE-2019-19509

CVE-2019-19509

EPSS 71.6%◆ VulnCheck KEV
Vexday Risk Score
82Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 71.6%KEV nãoPoC públicaNuclei Metasploit simPatch
Lifecycle
06 Jan 2020Published on NVD
30 Jan 2020Public PoC
11 Mar 2020Metasploit module available
Weaponization speed
23 daysto first PoC
64 daysto Metasploit module
Recommendation: Patch as soon as possible — active exploitation confirmed.
An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.