CVE-2020-25359

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/08/2021
Last modified:
05/10/2022

Description

An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext parameter and delete all the files with that extension in that path.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:rconfig:rconfig:3.9.5:*:*:*:*:*:*:*