|
|
|||
| Rule General Information |
|---|
| Release Date: | 2024-04-23 | |
| Rule Name: | rConfig Remote Command Execution Vulnerability (CVE-2020-13778) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://cxsecurity.com/issue/WLB-2020100091 https://github.com/theguly/exploits/blob/master/CVE-2020-13778.py https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/ https://nvd.nist.gov/vuln/detail/CVE-2020-13778 |
|
| Solutions |
|---|
| Refer to the announcement or patch by the vendor: https://www.rconfig.com/ |