CVE-2020-20636

Name of the Vulnerable Software and Affected Versions Joyplus-cms version 1.6.0

Description A SQL injection issue allows a remote attacker to access sensitive information via the id parameter of the goodbad() function. This enables unauthorized access to sensitive data.

Recommendations For Joyplus-cms version 1.6.0, consider restricting access to the goodbad() function until a patch is available. As a temporary workaround, avoid using the id parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.