CVE-2020-15712 (rconfig)

Posted on 2020년 7월 28일2020년 7월 29일 by admin

rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences (%2f..%2f) in the path parameter to view arbitrary files on the system.

Source: CVE-2020-15712 (rconfig)

답글 남기기 응답 취소