CVE-2020-10221

rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter. Vendor/Product: rConfig rConfig. Added to CISA KEV 2021-11-03; required action: Apply updates per vendor instructions.