CVE-2018-20424

Name of the Vulnerable Software and Affected Versions DiscuzX version 3.4

Description The issue allows remote attackers to delete the common member wechatmp data structure when WeChat login is enabled. This can be achieved by sending an ac=unbindmp request to the "plugin.php" endpoint.

Recommendations For DiscuzX version 3.4, consider disabling WeChat login functionality until a patch is available to prevent exploitation. Restrict access to the "plugin.php" endpoint to minimize the risk of unauthorized data deletion. Avoid using the ac=unbindmp request in the affected endpoint until the issue is resolved.