An information disclosure vulnerability was discovered in alipay_function.php in the log file of Alibaba payment interface on PHPPYUN prior to version 5.0.1. If exploited, this vulnerability will allow attackers to obtain users’ personally identifiable information including e-mail address and telephone numbers.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23768
Reference (s):
- https://github.com/whiskey-jj/w2s2x2222.github.io/issues/1