CVE-2020-19705

Name of the Vulnerable Software and Affected Versions: thinkphp-zcms as of 20190715

Description: The issue allows SQL injection via the "index.php?m=home&c=message&a=add" API endpoint. This could potentially lead to unauthorized access to sensitive data.

Recommendations: For thinkphp-zcms as of 20190715, avoid using the "index.php?m=home&c=message&a=add" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.