CVE-2020-27191

Name of the Vulnerable Software and Affected Versions LionWiki versions prior to 3.2.12

Description The issue allows an unauthenticated user to read files as the web server user via a crafted string in the f1 variable in index.php, also known as Local File Inclusion. This affects products that are no longer supported by the maintainer.

Recommendations For versions prior to 3.2.12, update to version 3.2.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the index.php file or disabling the f1 variable to minimize the risk of exploitation.