CVE-2020-10221
rConfig OS Command Injection Vulnerability
CVSS
—
No CVSS
EPSS
36.8%
p98
KEV
YES
Nov 3, 2021
Exploit Today
80
0-100
Published: — · Last modified: —
36.8%EPSS · 30 days36.8%
2026-06-302026-07-16
Product
rConfig / rConfig
Vulnerability
rConfig OS Command Injection Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
May 3, 2022
Known ransomware use
No
Summary description
rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-10221
No related CVEs by CWE or product.