rConfig ajaxServerSettingsChk and search_crud Remote OS Command Injection Exploit

This module exploits an unauthenticated OS command injection vulnerability in rConfig using the rootUname parameter present in ajaxServerSettingsChk.php. Also, this module exploits an authenticated OS command injection vulnerability using the catCommand parameter present in search.crud.php.
CVE Link
CVE-2019-16662
CVE-2019-16663
Exploit Platform
Linux
Exploit Type
Exploits
OS Command Injection
Known Vulnerabilities
Product Name
Impact