PT-2017-18888 · Bigtree · Bigtree Cms
Xfkxfk · Published 2017-06-02 · Updated 2019-10-03 · CVE-2017-9378
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: BigTree CMS versions prior to 4.2.19
Description: The issue allows a user to delete their own account, which is supposed to be an admin-only action. This could have security implications, as the admin may have other tasks to complete before a user is deleted, such as data backups.
Recommendations: For BigTree CMS versions prior to 4.2.19, update to version 4.2.19 or later to prevent users from deleting their own accounts. As a temporary workaround, consider restricting access to the account deletion feature until the update is applied.

Exploit

Fix

Incorrect Authorization


Weakness Enumeration
Related Identifiers: CVE-2017-9378
Affected Products: Bigtree Cms