CVE-2020-20287

Name of the Vulnerable Software and Affected Versions: yccms version 3.3

Description: The issue is related to an unrestricted file upload vulnerability. It is caused by the xhUp function's improper judgment of the request parameters, which can trigger remote code execution.

Recommendations: For yccms version 3.3, consider disabling the xhUp function as a temporary workaround until a patch is available. Restrict access to file upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.