Three exploits for rconfig <= 3.9.4 :
CVE-2019-19509 : authenticated RCE
CVE-2019-19585 : Local Privilege Escalation (root)
CVE-2020-10220 : unauthenticated SQLi
rconfig_root_RCE_unauth.py : chaining the three CVEs above to get root reverse shell
without authentication
rconfig_ajaxarchivefiles_rce.rb : Rconfig 3.x - Chained Remote Code Execution
Metasploit Module (EDB : 48223)