Description
rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to vendor.php that contains arbitrary PHP code and changing the content-type to image/gif.
Exploits (1)
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://gist.github.com/farid007/9f6ad063645d5b1550298c8b9ae953ff
Scores
CVSS v3
8.8
EPSS
0.5858
EPSS Percentile
98.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
rconfig/rconfig
3.9.4
Published
May 18, 2020
Tracked Since
Feb 18, 2026