CVE-2020-24139

Name of the Vulnerable Software and Affected Versions: Wcms version 0.3.2

Description: The issue allows an attacker to send crafted requests from the back-end server of a vulnerable web application via the path parameter to "wex/cssjs.php". This can be used to identify open ports, local network hosts, and execute commands on local services.

Recommendations: For Wcms version 0.3.2, consider restricting access to the "wex/cssjs.php" endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the path parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.