CVE

CVE-2020-15714 (rconfig)

admin

CVE-2020-15714 (rconfig)

rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.crud.php script using the custom_Location parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Source: CVE-2020-15714 (rconfig)

Exit mobile version