Vulnerability in N/a

CVE-2020-13638

lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.

EPSS: 0.922 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

References

theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/ (x_refsource_MISC)