Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20642
Reference (s):
- https://github.com/eyoucms/eyoucms/issues/5