CVE-2020-18019

Name of the Vulnerable Software and Affected Versions: Xinhu OA System version 1.8.3

Description: The issue allows remote attackers to obtain sensitive information by injecting arbitrary commands into the typeid variable of the createfolderAjax function in the mode worcAction.php component. This enables attackers to execute unauthorized actions, potentially leading to data exposure.

Recommendations: For Xinhu OA System version 1.8.3, as a temporary workaround, consider restricting access to the createfolderAjax function in the mode worcAction.php component to minimize the risk of exploitation. Avoid using the typeid variable in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.