CVE

CVE-2020-15712 (rconfig)

admin

CVE-2020-15712 (rconfig)

rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences (%2f..%2f) in the path parameter to view arbitrary files on the system.

Source: CVE-2020-15712 (rconfig)

Exit mobile version