Critical severity9.1NVD Advisory· Published May 18, 2020· Updated Jun 17, 2026
CVE-2020-12258
CVE-2020-12258
Description
rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- rConfig/rConfigdescription
Patches
Vulnerability mechanics
References
1- gist.github.com/farid007/8855031bad0e497264e4879efb5bc9f8nvdThird Party Advisory
News mentions
0No linked articles in our index yet.