CVE-2020-35972

Name of the Vulnerable Software and Affected Versions: YzmCMS version 5.8

Description: An issue was discovered that allows for a CSRF vulnerability, enabling the addition of member user accounts via the "member/member/add.html" API endpoint. The estimated number of potentially affected devices worldwide is not available.

Recommendations: For YzmCMS version 5.8, as a temporary workaround, consider restricting access to the "member/member/add.html" API endpoint until a patch is available. Avoid using this endpoint to add new member user accounts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.