Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-12255

EPSS 58.58% · P98
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-12255

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to vendor.php that contains arbitrary PHP code and changing the content-type to image/gif.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
rConfig 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
rConfig是一款开源的网络配置管理实用程序。 rConfig 3.9.4版本中的vendor.crud.php文件存在安全漏洞,该漏洞源于文件上传功能未进行正确验证。攻击者可通过向vendor.php文件上传包含任意PHP代码的.php文件并将‘content-type’字段更改为image/gif利用该漏洞执行代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2020-12255

#POC DescriptionSource LinkShenlong Link
1Poc for CVE-2020-12255https://github.com/vishwaraj101/CVE-2020-12255POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2020-12255

登录查看更多情报信息。

Same Patch Batch · n/a · 2020-05-18 · 38 CVEs total

CVE-2020-9524Micro Focus Enterprise Server和Enterprise Developer 跨站脚本漏洞
CVE-2020-11549多款NETGEAR产品信任管理问题漏洞
CVE-2020-11550多款NETGEAR产品信息泄露漏洞
CVE-2020-11551多款NETGEAR产品授权问题漏洞
CVE-2020-8035Horde Groupware Webmail 跨站脚本漏洞
CVE-2020-12256rConfig 跨站脚本漏洞
CVE-2020-10967Dovecot 输入验证错误漏洞
CVE-2020-10958Dovecot 资源管理错误漏洞
CVE-2020-10957Dovecot 代码问题漏洞
CVE-2020-12257rConfig 跨站请求伪造漏洞
CVE-2019-7247AMD OverDrive 安全漏洞
CVE-2020-12258rConfig 授权问题漏洞
CVE-2020-12259rConfig 跨站脚本漏洞
CVE-2020-13129Heineking Media stashcat app 信息泄露漏洞
CVE-2020-12860COVIDSafe app 信息泄露漏洞
CVE-2020-12859COVIDSafe app 安全漏洞
CVE-2020-12858COVIDSafe app 信息泄露漏洞
CVE-2020-12857COVIDSafe app 信息泄露漏洞
CVE-2020-12856OpenTrace 安全漏洞
CVE-2019-19456Wowza Media Systems Streaming Engine 跨站脚本漏洞

Showing top 20 of 38 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2020-12255

No comments yet

Leave a comment