Description
rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://cxsecurity.com/issue/WLB-2020100091
Exploit, Third Party Advisory x_refsource_misc
https://github.com/theguly/exploits/blob/master/CVE-2020-13778.py
Exploit, Third Party Advisory x_refsource_misc
https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
Scores
CVSS v3
8.8
EPSS
0.0094
EPSS Percentile
76.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
rconfig/rconfig
< 3.9.4
Published
Oct 19, 2020
Tracked Since
Feb 18, 2026