PT-2020-13079 · Rconfig · Rconfig

Farid007

Published

2020-05-18

Updated

2020-05-19

CVE-2020-12258

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

🚨 CVE-2020-12258 rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259.

🎖@cveNotify

Fix

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-384

Related Identifiers

CVE-2020-12258

Affected Products

Rconfig

PT-2020-13079 · Rconfig · Rconfig

CVE-2020-12258

Weakness Enumeration

Related Identifiers

Affected Products

References · 4