Arbitrary File Deletion Vulnerability in rConfig 3.9.5

Arbitrary File Deletion Vulnerability in rConfig 3.9.5

CVE-2020-25359 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext parameter and delete all the files with that extension in that path.

Learn more about our Web Application Penetration Testing UK.