CVE-2020-27466: 
rConfig vulnerability analysis and mitigation

An arbitrary file write vulnerability was discovered in rConfig version 3.9.6, specifically in the lib/AjaxHandlers/ajaxEditTemplate.php component. This vulnerability allows attackers to execute arbitrary code via a crafted file (NVD, SSD Advisory).

The vulnerability exists in the connection template edit page of rConfig. An attacker can introduce PHP code inside a file and make it accessible from outside the system. The vulnerability allows for arbitrary file writing, where if the filename doesn't end in .yml, rConfig appends it automatically. For example, a file called test.php would be accessible via https://rconfig/test.php.yml. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

The successful exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected system. This could potentially lead to complete system compromise, allowing attackers to gain unauthorized access to sensitive information, modify system configurations, or execute malicious commands with the privileges of the web server (NVD, SSD Advisory).

At the time of disclosure, no official patch or mitigation was available for this vulnerability. The vendor was initially responsive but failed to provide a timeline for a fix or patch after being notified that version 3.9.6 was also vulnerable (SSD Advisory).