CVE-2020-13638

lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.

Date published : 2020-11-13

https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/