rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.
References
Link | Resource |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/184939 | VDB Entry |
https://www.rconfig.com/downloads/v3-release-notes | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-07-28T13:03:37
Updated: 2020-07-28T13:03:37
Reserved: 2020-07-14T00:00:00
Link: CVE-2020-15713
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-07-28T14:15:13.203
Modified: 2020-07-28T15:06:55.613
Link: CVE-2020-15713
JSON object: View
Redhat Information
No data.
CWE