CVE-2020-10879
CVE-2020-10879
Vexday Risk Score
45Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS —EPSS 83.9%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
23 Mar 2020Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
Affected products
n/a · n/apublic PoCs found — 1
cve_referencewww.exploit-db.com/exploits/48241unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.