CVE-2020-15712
Published: Jul 28, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences (%2f..%2f) in the path parameter to view arbitrary files on the system.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/184938
x_refsource_MISC
https://www.rconfig.com/downloads/v3-release-notes
x_refsource_MISC