Vulnerability Details CVE-2020-23151
rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.285
EPSS Ranking 96.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://cwe.mitre.org/data/definitions/78.html
- https://github.com/rconfig/rconfig/blob/7ef8bd8d606bc10835e1b8f6f72a2048094816d3/www/lib/ajaxHandlers/ajaxArchiveFiles.php#L13
- https://cwe.mitre.org/data/definitions/78.html
- https://github.com/rconfig/rconfig/blob/7ef8bd8d606bc10835e1b8f6f72a2048094816d3/www/lib/ajaxHandlers/ajaxArchiveFiles.php#L13