CVE-2020-21643

Name of the Vulnerable Software and Affected Versions HongCMS version 3.0

Description The issue allows attackers to run arbitrary code via the callback parameter to the "/ajax/myshop" API endpoint. This enables attackers to execute malicious scripts, potentially leading to unauthorized access or data breaches.

Recommendations For HongCMS version 3.0, consider disabling access to the "/ajax/myshop" API endpoint or restricting the use of the callback parameter until a patch is available. Additionally, avoid using the callback parameter in the affected API endpoint until the issue is resolved.