rConfig ajaxServerSettingsChk and search_crud Remote OS Command Injection Exploit

An unauthenticated OS command injection vulnerability in rConfig using the rootUname parameter present in ajaxServerSettingsChk.php allows an attacker to send a request that will attempt to execute OS commands with permissions of the rConfig process on the host system. Also, an authenticated OS command injection vulnerability using the catCommand parameter present in search.crud.php allows an attackers to do the same as previous, but credentials are required.
Platform: 
Vulnerabilty ID: 
CVE-2019-16662
Released Date: 
Wednesday, November 6, 2019 - 18:00