CVE-2020-25351
First published: Fri Aug 20 2021(Updated: )
An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated attackers to read files on the system via a crafted request sent to to the /lib/crud/configcompare.crud.php script.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| rConfig rConfig | =3.9.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this information disclosure vulnerability?
The vulnerability ID for this information disclosure vulnerability is CVE-2020-25351.
What is the severity level of CVE-2020-25351?
The severity level of CVE-2020-25351 is medium with a severity value of 6.5.
Which version of rConfig is affected by CVE-2020-25351?
Version 3.9.5 of rConfig is affected by CVE-2020-25351.
How can remote authenticated attackers exploit CVE-2020-25351?
Remote authenticated attackers can exploit CVE-2020-25351 by sending a crafted request to the /lib/crud/configcompare.crud.php script.
Has CVE-2020-25351 been fixed?
Yes, CVE-2020-25351 has been fixed in version 3.9.6 of rConfig.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/rconfig
- canonical/rconfig rconfig
- version/rconfig rconfig/3.9.5