Vulnerability in N/a
CVE-2020-10220
An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
EPSS: 0.943 (99.9th percentile)
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
References
- github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_sqli.py (x_refsource_MISC)
- packetstormsecurity.com/files/156688/rConfig-3.9-SQL-Injection.html (x_refsource_MISC)
- packetstormsecurity.com/files/156766/Rconfig-3.x-Chained-Remote-Code-Execution… (x_refsource_MISC)
- github.com/v1k1ngfr/exploits-rconfig/blob/master/rconfig_CVE-2020-10220.py (x_refsource_MISC)
- packetstormsecurity.com/files/156950/rConfig-3.9.4-searchField-Remote-Code-Exec… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-10220?
  - CVE-2020-10220 is a vulnerability in N/a. Published 2020-03-07.
- Is CVE-2020-10220 known to be exploited?
  - 14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.