PT-2020-13078 · Rconfig · Rconfig
Ghost_Fh
·
Published
2020-05-18
·
Updated
2020-05-18
·
CVE-2020-12257
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
rConfig version 3.9.4
Description
The issue is related to cross-site request forgery (CSRF) due to the lack of CSRF protection, such as a CSRF token. An attacker can exploit this by creating a form to add, delete, or edit a user.
Recommendations
For rConfig version 3.9.4, consider implementing CSRF protection, such as a CSRF token, to prevent cross-site request forgery attacks. As a temporary workaround, restrict access to user management functions to minimize the risk of exploitation.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rconfig