CVE-2020-20289

Name of the Vulnerable Software and Affected Versions: yccms version 3.3

Description: The issue arises from the no top function's improper judgment of the request parameters, leading to a sql injection vulnerability. This allows for potential exploitation by manipulating request parameters.

Recommendations: For yccms version 3.3, consider restricting access to the no top function until a patch is available. As a temporary workaround, carefully validate and sanitize all request parameters to minimize the risk of sql injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.