CVE-2020-20092

Name of the Vulnerable Software and Affected Versions: ArticleCMS version 1.0

Description: A File Upload issue exists via the image upload feature at "/admin" by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code. The API endpoint "/admin" is affected.

Recommendations: For ArticleCMS version 1.0, as a temporary workaround, consider disabling the image upload feature at the "/admin" endpoint until a patch is available. Restrict access to the image upload module to minimize the risk of exploitation. Avoid using the image upload feature in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.