CVE-2020-18416

Name of the Vulnerable Software and Affected Versions Jymusic version 2.0.0

Description A cross-site request forgery (CSRF) issue allows attackers to execute arbitrary code via the "/admin.php?s=/addons/config.html&id=6" API endpoint to modify payment information. This can be achieved by exploiting the id variable.

Recommendations For Jymusic version 2.0.0, as a temporary workaround, consider restricting access to the "/admin.php?s=/addons/config.html&id=6" API endpoint to minimize the risk of exploitation. Avoid using the id variable in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.