Attacker Value
Very High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
1

CVE-2020-10220

Disclosure Date: March 07, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.

Add Assessment

General Information

Technical Analysis