CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-15713

rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.5%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/184939
https://www.rconfig.com/downloads/v3-release-notes
https://exchange.xforce.ibmcloud.com/vulnerabilities/184939
https://www.rconfig.com/downloads/v3-release-notes

Products affected by CVE-2020-15713

Rconfig » Rconfig » Version: 3.9.5

cpe:2.3:a:rconfig:rconfig:3.9.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-15713

Products

Pricing

Contact Us