CVE-2020-23150 | rConfig 3.9.5 SQL Injection

XMAN

Active member
Joined
Jul 12, 2021
Messages
19,642
Reaction score
72
Points
38
CVE-2020-23150 A SQL injection vulnerability in php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php.


Proposed (Legacy)
Comments (Legacy)
Votes (Legacy)
Phase (Legacy)
Date Record Created
Assigning CNA
References
Description
CVE-ID

CVE-2020-23150​

Learn more at National Vulnerability Database (NVD)
• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MITRE Corporation
20200813Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate...

Read more

Continue reading...
 
Top