The Idappcom Threat Detection Team has been investigating multiple vulnerabilities that have been discovered in phpGACL 3.3.7. We are currently re-creating the exploits so we can provide traffic files and rules to provide protection to our customers.
phpGACL is a set of functions that allows you to apply access control to arbitrary objects (web pages, databases, etc) by other arbitrary objects (users, remote hosts, etc).
CVE Number: CVE-2020-13562, CVE-2020-13563, CVE-2020-13564
CVE Number: CVE-2020-13565
Open Redirect: A specially crafted HTTP request can be used to redirect a victim to arbitrary web sites.
CVE Number: CVE-2020-13569
Cross-site Request Forgery: A specially crafted request can be used to execute arbitrary requests caused by improper input validation.