CVE-2020-26679
CVE-2020-26679 affects vFairs 3.3 and is due to insecure permissions. Any logged-in user can modify other users’ profile information or profile pictures by sending an HTTP POST with another user’s ID, potentially enabling cross-site scripting or uploading PHP webshells as profile images. User IDs...