CVE-2020-21321

Name of the Vulnerable Software and Affected Versions: emlog version 6.0

Description: The issue allows attackers to perform a Cross-Site Request Forgery (CSRF) attack via the "/admin/link.php?action=addlink" API endpoint, enabling them to arbitrarily add articles.

Recommendations: For emlog version 6.0, as a temporary workaround, consider restricting access to the "/admin/link.php?action=addlink" API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.