CVE-2020-12257

rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form (add a user, delete a user, or edit a user).
References
Link Resource
https://gist.github.com/farid007/eb7310749520fb8cdf5942573c9954ef Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:rconfig:rconfig:3.9.4:*:*:*:*:*:*:*

Information

Published : 2020-05-18 07:15

Updated : 2020-05-18 13:42


NVD link : CVE-2020-12257

Mitre link : CVE-2020-12257


JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa

Products Affected

rconfig

  • rconfig