PT-2020-18300 · Fat Free Framework · Fat-Free Framework

Ikkez · Published 2020-03-11 · Updated 2022-05-24 · CVE-2020-5203

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Fat-Free Framework version 3.7.1

Description: The issue allows attackers to achieve arbitrary code execution if developers pass user-controlled input, such as $_REQUEST, $_GET, or $_POST, to the framework's Clear method. This can lead to exploitation when user input is not properly sanitized.

Recommendations: For Fat-Free Framework version 3.7.1, avoid passing user-controlled input to the Clear method until a patch is available. As a temporary workaround, validate and sanitize all user input before passing it to the framework's methods to minimize the risk of exploitation.
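The following PHP is an added illustration, not code from the advisory or from the Fat-Free project. It contrasts the pattern the description warns about (a request parameter handed straight to the Clear method) with an allow-list version that follows the recommendation: request input is mapped onto a fixed set of hive keys, and anything else is logged and refused before it reaches the framework. The hive key names, the Composer autoload path and the helper function names are assumptions.

```php
<?php
// Added example (not from the advisory or the Fat-Free project).
// Assumes the Fat-Free Framework (\Base) is installed via Composer and
// autoloaded; $f3 is the framework's usual singleton instance.

require 'vendor/autoload.php';   // assumption: Composer-based install

$f3 = \Base::instance();
// Constructed sample hive data so the calls below have something to act on.
$f3->set('SESSION.cart', ['sku' => 'A1', 'qty' => 2]);
$f3->set('SESSION.promo', 'SPRING');

// UNSAFE: the key comes straight from the request. The framework interprets
// the string it receives rather than treating it as an opaque variable name,
// which is exactly the condition the advisory describes.
function clear_unsafe(\Base $f3): void
{
    $f3->clear($_GET['key'] ?? '');
}

// HARDENED: request input is only ever a lookup token into an explicit
// allow-list of hive keys. The raw value never reaches clear().
const CLEARABLE_KEYS = [
    'cart'  => 'SESSION.cart',
    'promo' => 'SESSION.promo',
];

function clear_safe(\Base $f3, string $requested): bool
{
    if (!array_key_exists($requested, CLEARABLE_KEYS)) {
        // Refuse and record the attempt; hex-encode so log lines stay clean.
        error_log('rejected clear() for unexpected key: ' . bin2hex($requested));
        return false;
    }
    $f3->clear(CLEARABLE_KEYS[$requested]);
    return true;
}

// Usage: only allow-listed tokens result in a call into the framework.
clear_safe($f3, 'promo');             // clears SESSION.promo
clear_safe($f3, 'not-on-the-list');   // refused, logged, nothing cleared
```

The allow-list map is the important part: the attacker-influenced string is used only as an array index, so even a value that passes superficial "sanitization" can never be forwarded to the method as a key.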

Fix · Special Elements Injection · Code Injection · RCE


Weakness Enumeration

Related Identifiers

CVE-2020-5203
GHSA-HPJ2-4HFJ-G233

Affected Products

Fat-Free Framework