CVE-2020-23426

Name of the Vulnerable Software and Affected Versions zzcms version 201910

Description The issue is related to an access control vulnerability that allows escalation of privileges. This vulnerability is exploited through the "/user/adv.php" API endpoint, which enables an attacker to modify data. This could potentially lead to further attacks, such as Cross-Site Request Forgery (CSRF). CSRF is an attack that tricks the victim into performing unintended actions on a web application that they are authenticated to.

Recommendations For zzcms version 201910, consider restricting access to the "/user/adv.php" endpoint until a patch is available. As a temporary workaround, limiting the privileges of users interacting with this endpoint can help minimize the risk of exploitation.