CVE-2020-18264

Name of the Vulnerable Software and Affected Versions: Simple-Log version 1.6

Description: The issue allows remote attackers to gain privilege and execute arbitrary code. This is achieved via the "Simple-Log/admin/admin.php?act=act edit member" API endpoint.

Recommendations: For Simple-Log version 1.6, update to a version that includes a fix for this issue, as using the current version may allow attackers to execute arbitrary code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.