CVE-2020-18166

Name of the Vulnerable Software and Affected Versions: LAOBANCMS version 2.0

Description: The issue allows remote attackers to upload arbitrary files. This is achieved by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc".

Recommendations: For LAOBANCMS version 2.0, consider restricting file uploads to only allowed extensions and validating the file type to prevent uploading arbitrary files. As a temporary workaround, consider disabling the file upload functionality in the "admin/wenjian.php" component until a patch is available.