CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-23149

The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.7%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://github.com/rconfig/rconfig/blob/7ef8bd8d606bc10835e1b8f6f72a2048094816d3/www/install/lib/ajaxHandlers/ajaxDbInstall.php#L35
https://github.com/rconfig/rconfig/blob/7ef8bd8d606bc10835e1b8f6f72a2048094816d3/www/install/lib/ajaxHandlers/ajaxDbInstall.php#L35

Products affected by CVE-2020-23149

Rconfig » Rconfig » Version: 3.9.5

cpe:2.3:a:rconfig:rconfig:3.9.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-23149

Products

Pricing

Contact Us