CVE-2020-20943

Name of the Vulnerable Software and Affected Versions: Qibosoft version 7

Description: A Cross-Site Request Forgery (CSRF) issue exists in the /member/post.php?job=postnew&step=post endpoint of the affected software, allowing attackers to force victim users into publishing new articles via a crafted URL.

Recommendations: For Qibosoft version 7, as a temporary workaround, consider restricting access to the /member/post.php?job=postnew&step=post endpoint until a patch is available. Avoid using this endpoint with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.