exploitDog

CVE-2020-15713

Опубликовано: 28 июл. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/184939
VDB Entry
https://www.rconfig.com/downloads/v3-release-notes
Release Notes
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/184939
VDB Entry
https://www.rconfig.com/downloads/v3-release-notes
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rconfig:rconfig:3.9.5:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00351

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-9vmm-5mw9-grvh

github

больше 3 лет назад

rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.

EPSS

Процентиль: 57%

0.00351

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89