exploitDog

CVE-2020-25351

Опубликовано: 20 авг. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated attackers to read files on the system via a crafted request sent to to the /lib/crud/configcompare.crud.php script.

Ссылки

https://stark0de.com/2020/08/27/pwning-rconfig-part-one.html
Exploit
Third Party Advisory
https://stark0de.com/2020/08/27/pwning-rconfig-part-one.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rconfig:rconfig:3.9.5:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00059

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-552

Связанные уязвимости

GHSA-2559-m273-3qpf

github

больше 3 лет назад

An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated attackers to read files on the system via a crafted request sent to to the /lib/crud/configcompare.crud.php script.

EPSS

Процентиль: 19%

0.00059

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-552