Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23631
Reference (s):
- https://github.com/shadoweb/wdja/issues/11
- https://www.cnblogs.com/wayne-tao/p/13110663.html