CVE-2020-18167

Name of the Vulnerable Software and Affected Versions LAOBANCMS version 2.0

Description The issue is related to Cross Site Scripting (XSS) that allows remote attackers to execute arbitrary code. This is achieved by injecting commands into the Homepage Introduction field of the component "admin/info.php?shuyu". The vulnerability is associated with a lack of protection measures for the web page structure, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations For LAOBANCMS version 2.0, consider disabling the admin/info.php?shuyu component or restricting access to it until a patch is available. Additionally, avoid using the Homepage Introduction field in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.