CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-12257

rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form (add a user, delete a user, or edit a user).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.8%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

https://gist.github.com/farid007/eb7310749520fb8cdf5942573c9954ef
https://gist.github.com/farid007/eb7310749520fb8cdf5942573c9954ef

Products affected by CVE-2020-12257

Rconfig » Rconfig » Version: 3.9.4

cpe:2.3:a:rconfig:rconfig:3.9.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-12257

Products

Pricing

Contact Us