← back
CVE-2020-10879

CVE-2020-10879

EPSS 83.9%
Vexday Risk Score
45Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS EPSS 83.9%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
23 Mar 2020Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.