rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated attacker could send crafted SQL statements to the devices.php script using the sortBy parameter, which could allow the attacker to view, add, modify, or delete information in the back-end database.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-07-28T13:03:37
Updated: 2024-08-04T13:22:30.813Z
Reserved: 2020-07-14T00:00:00
Link: CVE-2020-15713
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-07-28T14:15:13.203
Modified: 2024-11-21T05:06:04.983
Link: CVE-2020-15713
Redhat
No data.