PT-2020-13235 · Gazie · Gazie

Julian Horoszkiewicz · Published 2020-05-11 · Updated 2020-05-15 · CVE-2020-12743

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Gazie version 7.32

Description

The Gazie installation does not properly secure its own file /setup/install/setup.php. The file can be accessed without authorization, and its hidden req POST parameter can then be used to include arbitrary PHP files.

Recommendations

For Gazie version 7.32, consider removing the /setup/install/setup.php file or restricting access to it, to prevent unauthorized access and potential arbitrary PHP file inclusion. As a temporary workaround, restrict access to this file until a proper fix is available.

Fix

Files Accessible to External Parties

Weakness Enumeration

Related Identifiers

CVE-2020-12743

Affected Products

Gazie