3 matches found
CVE-2020-12255
rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to...
CVE-2020-12255
CVE-2020-12255 affects rConfig 3.9.4 where vendor.crud.php handles file uploads by trusting content-type rather than file extension/header, allowing uploading a PHP file to vendor.php with manipulated content-type (e.g., image/gif) to achieve remote code execution. Multiple connected advisories c...
CVE-2020-12255
rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to...