CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-25359

An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext parameter and delete all the files with that extension in that path.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.2%

CVSS Severity

CVSS v3 Score 9.1

CVSS v2 Score 6.4

References

https://cwe.mitre.org/data/definitions/36.html
https://stark0de.com/2020/08/27/pwning-rconfig-part-one.html
https://cwe.mitre.org/data/definitions/36.html
https://stark0de.com/2020/08/27/pwning-rconfig-part-one.html

Products affected by CVE-2020-25359

Rconfig » Rconfig » Version: 3.9.5

cpe:2.3:a:rconfig:rconfig:3.9.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-25359

Products

Pricing

Contact Us