CVE-2020-15712

2020-07-28T14:15:00
ID CVE-2020-15712
Type cve
Reporter cve@mitre.org
Modified 2020-07-28T15:07:00

Description

rConfig 3.9.5 could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a crafted request to the ajaxGetFileByPath.php script containing hexadecimal encoded "dot dot" sequences (%2f..%2f) in the path parameter to view arbitrary files on the system.