Arbitrary Code Execution Vulnerability in rConfig 3.9.5 via search.crud.php

CVE-2020-15715 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter.

Learn more about our Web Application Penetration Testing UK.