CVE-2020-23151

2021-08-09T23:15:00
ID CVE-2020-23151
Type cve
Reporter cve@mitre.org
Modified 2021-08-12T00:31:00

Description

rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped.