CVE-2020-13638

2020-11-1319:53:36

mitre

www.cve.org

9.6 High

AI Score

Confidence

High

0.348 Low

EPSS

Percentile

97.1%

JSON

lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.

References

theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/