PT-2020-14602 · Rconfig · Rconfig
Published: 2020-07-28 · Updated: 2020-07-28
CVE-2020-15715
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
rConfig version 3.9.5
Description
The issue is caused by an error in the search.crud.php script, allowing a remote authenticated attacker to execute arbitrary code on the system. The nodeId parameter can be exploited to achieve this.
Recommendations
For version 3.9.5, avoid using the nodeId parameter in the affected script until a fix is available. As a temporary workaround, consider restricting access to the search.crud.php script to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Rconfig