PT-2020-17322 · Rainrocka · Rainrocka Xinhu

Published 2020-12-26 · Updated 2020-12-29 · CVE-2020-35388
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: rainrocka xinhu version 2.1.9
Description: The issue allows remote attackers to obtain sensitive information via an "index.php?a=gettotal" request in which the ajaxbool value is manipulated to be true. This can lead to unauthorized access to sensitive data.
Recommendations: For rainrocka xinhu version 2.1.9, consider restricting access to the "index.php?a=gettotal" endpoint until a patch is available. As a temporary workaround, avoid manipulating the ajaxbool value to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
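Detection logic for the request shape described above, as an added example that is not part of the advisory: it scans web server access logs for index.php requests carrying a=gettotal together with ajaxbool=true so that probing of the endpoint can be reviewed while access is restricted. The Common Log Format, the regex, and the sample lines (addresses, timestamps) are constructed for this example; the case-insensitive value check is an assumption.

```python
"""Flag access-log requests matching the CVE-2020-35388 request shape
(index.php?a=gettotal with ajaxbool=true). Added example, not advisory code."""
import re
from urllib.parse import parse_qs, urlsplit

# Common/Combined Log Format: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def is_gettotal_probe(target: str) -> bool:
    """True if the target is index.php?a=gettotal carrying ajaxbool=true.
    parse_qs decodes the query, so parameter order, percent-encoding and
    repeated keys do not defeat the match. The value check is case-insensitive
    (assumption: the application treats "True"/"TRUE" like "true")."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/index.php"):
        return False
    qs = parse_qs(parts.query, keep_blank_values=True)
    actions = [v.lower() for v in qs.get("a", [])]
    flags = [v.lower() for v in qs.get("ajaxbool", [])]
    return "gettotal" in actions and "true" in flags


def scan_access_log(lines):
    """Return (client_ip, timestamp, target, status) for each matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # unparsable line: skip it rather than guess
        if is_gettotal_probe(m["target"]):
            hits.append((m["ip"], m["ts"], m["target"], int(m["status"])))
    return hits


# Constructed sample lines; the addresses and timestamps are not real indicators.
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Dec/2020:10:00:01 +0000] "GET /index.php?a=gettotal&ajaxbool=true HTTP/1.1" 200 4821',
    '203.0.113.7 - - [26/Dec/2020:10:00:02 +0000] "GET /index.php?ajaxbool=TRUE&a=gettotal HTTP/1.1" 200 4821',
    '198.51.100.4 - - [26/Dec/2020:10:00:03 +0000] "GET /index.php?a=gettotal HTTP/1.1" 302 0',
    '198.51.100.4 - - [26/Dec/2020:10:00:04 +0000] "GET /index.php?a=login HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print("review:", hit)
```

Only the two requests that carry both parameters are reported; a gettotal request without ajaxbool=true is the endpoint's ordinary shape and is left alone.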

Related Identifiers: CVE-2020-35388
Affected Products: Rainrocka Xinhu