CVE-2020-21881

Name of the Vulnerable Software and Affected Versions DuxCMS version 2.1

Description A Cross Site Request Forgery (CSRF) issue in the admin.php file of DuxCMS allows remote attackers to modify application data via the "article/admin/content/add" endpoint. This can be exploited by tricking administrators into performing unintended actions.

Recommendations For DuxCMS version 2.1, consider implementing CSRF token validation to prevent unauthorized requests. As a temporary workaround, restrict access to the admin.php file and the "article/admin/content/add" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.