CVE-2020-9425
rConfig versions prior to 3.9.4 are affected by an information-disclosure flaw in includes/head.inc.php. An unauthenticated attacker can retrieve saved cleartext credentials by issuing a GET to settings.php, caused by the application not exiting after a redirect, allowing the rest of the page to ...