CVE-2020-25359
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/08/2021
Last modified:
05/10/2022
Description
An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext parameter and delete all the files with that extension in that path.
Impact
Base Score 3.x
9.10
Severity 3.x
CRITICAL
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:rconfig:rconfig:3.9.5:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page