What is CVE-2019-16663?

CVE-2019-16663 is a vulnerability in N/a. Published 2019-10-28.

Is CVE-2019-16663 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-16663

An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to com…

EPSS: 0.941 (99.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

mhaskar/CVE-2019-16663
0ps/pocassistdb
0xT11/CVE-POC
SexyBeast233/SecBooks
TheCyberGeek/CVE-2019-19268
alphaSeclab/sec-daily-2019
developer3000S/PoC-in-GitHub
fab1ano/rconfig-cves
hectorgie/PoC-in-GitHub
jweny/pocassistdb

References

rconfig.com/download (x_refsource_MISC)
gist.github.com/mhaskar/e7e454c7cb0dd9a139b0a43691e258a0 (x_refsource_MISC)
drive.google.com/open (x_refsource_MISC)
drive.google.com/open (x_refsource_MISC)
shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16… (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-16663?: CVE-2019-16663 is a vulnerability in N/a. Published 2019-10-28.
Is CVE-2019-16663 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.