CVE-2020-10460

Name of the Vulnerable Software and Affected Versions Chadha PHPKB Standard Multi-Language version 9

Description The issue allows attackers to inject untrusted input inside CSV files via the data parameter in the admin/include/operations.php file, which is accessible through admin/email-harvester.php.

Recommendations For version 9, consider validating and sanitizing the data parameter to prevent injection of untrusted input into CSV files. As a temporary workaround, restrict access to the admin/email-harvester.php file to minimize the risk of exploitation.