CVE-2020-24142

Name of the Vulnerable Software and Affected Versions: Video Downloader for TikTok plugin version 1.3

Description: The issue allows an attacker to send crafted requests from the back-end server of a vulnerable web application, potentially helping to identify open ports and local network hosts, and execute commands on services. This is achieved via the njt-tk-download-video parameter.

Recommendations: For Video Downloader for TikTok plugin version 1.3, consider disabling the njt-tk-download-video parameter to minimize the risk of exploitation until a patch is available. Restrict access to the plugin's functionality to prevent potential abuse. At the moment, there is no information about a newer version that contains a fix for this vulnerability.