2 matches found
CVE-2020-12258
rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259...
CVE-2020-12258
rConfig 3.9.4 is affected by multiple CVEs with concrete details in connected docs. Affected product/component: rConfig 3.9.4 (devicemgmnt.php and related input handling). Root cause: inadequate validation of user-controlled input leading to cross-site scripting (CVE-2020-12256, CVE-2020-12259) a...