CVE-2020-25351 - Files or Directories Accessible to External Parties vulnerability in Rconfig 3.9.5

047910
CVSS 4.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
network
low complexity
rconfig
CWE-552

Summary

An information disclosure vulnerability in rConfig 3.9.5 has been fixed in version 3.9.6. This vulnerability allowed remote authenticated attackers to read files on the system via a crafted request sent to the /lib/crud/configcompare.crud.php script.

Vulnerable Configurations

Part | Description | Count
Application | Rconfig | 1