CVE-2020-13638

Critical

lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue…

mitre·CWE-269·Published 2020-11-13

CVSS

9.8

EPSS

0.77

KEV

Exploits

cve.orgen

163 chars

lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.

NVDen

163 chars

lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.

En la biblioteca lib/crud/userprocess.php en rConfig versiones 3.9.x anteriores a 3.9.7, presenta una omisión de autenticación, conllevando a una creación de una cuenta de administrador. Este problema ha sido corregido en la versión 3.9.7

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H