CVE-2020-35337

Name of the Vulnerable Software and Affected Versions: ThinkSAAS versions prior to 3.38

Description: The issue allows remote attackers to execute arbitrary SQL commands through a SQL injection vulnerability. This vulnerability is exploited through the "app/topic/action/admin/topic.php" endpoint via the title parameter.

Recommendations: For versions prior to 3.38, update to version 3.38 or later to resolve the issue. As a temporary workaround, consider restricting access to the "app/topic/action/admin/topic.php" endpoint or avoiding the use of the title parameter until the issue is resolved.