SQL Injection Vulnerability in rConfig Web Interface

SQL Injection Vulnerability in rConfig Web Interface

CVE-2020-10220 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.