CVE-2020-19263

Name of the Vulnerable Software and Affected Versions: MipCMS version 5.0.1

Description: A cross-site request forgery (CSRF) issue allows attackers to escalate user privileges to administrator. This can be achieved via the "index.php?s=/user/ApiAdminUser/itemEdit" endpoint, by exploiting the lack of proper validation on user requests.

Recommendations: For MipCMS version 5.0.1, consider implementing proper validation and verification of user requests to prevent unauthorized privilege escalation. As a temporary workaround, restrict access to the "index.php?s=/user/ApiAdminUser/itemEdit" endpoint to minimize the risk of exploitation.