Full title: Rconfig 3.x Chained Remote Code Execution Exploit 
Category: remote exploits
Platform: linux
This Metasploit module takes advantage of a command injection vulnerability in the path parameter of the ajax archive file functionality within the rConfig web interface in order to execute the payload. Valid credentials for a user with administrative privileges are required . However, this module can bypass authentication via SQL injection.

# 0day.today @ http://0day.today/