CVE-2020-18157

Name of the Vulnerable Software and Affected Versions: MetInfo version 6.1.3

Description: A Cross Site Request Forgery (CSRF) issue exists, which can be exploited via a doaddsave action in the admin/index.php API endpoint. This allows for unauthorized actions to be performed on behalf of a user.

Recommendations: For MetInfo version 6.1.3, consider implementing proper CSRF token validation to prevent unauthorized requests. As a temporary workaround, restrict access to the admin/index.php endpoint to minimize the risk of exploitation.