CVE-2020-36906

Name of the Vulnerable Software and Affected Versions P5 FNIP-8x16A FNIP-4xSH version 1.0.20

Description The software contains a cross-site request forgery issue that enables attackers to execute administrative actions without authorization. An attacker can create malicious web pages to add new administrator accounts, alter passwords, and change system settings by deceiving authenticated users into loading a specially designed form. The attack relies on tricking a user who is already logged in to the application into performing actions they did not intend to.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider implementing CSRF tokens to protect sensitive actions.