CVE-2020-20642

Name of the Vulnerable Software and Affected Versions: EyouCMS version 1.3.6

Description: A Cross Site Request Forgery (CSRF) issue exists, allowing an attacker to add an htm page that can execute js code via the login.php endpoint with specific parameters: m=admin, c=Filemanager, a=newfile, and lang=cn. This can potentially lead to unauthorized actions on the affected system.

Recommendations: For EyouCMS version 1.3.6, as a temporary workaround, consider restricting access to the login.php endpoint with the parameters m=admin, c=Filemanager, a=newfile, and lang=cn to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.