CVE-2017-8930

Name of the Vulnerable Software and Affected Versions Simple Invoices version 2013.1.beta.8

Description The issue allows remote attackers to hijack the authentication of admins for requests. This can lead to creating new administrator user accounts and taking over the entire application, creating regular user accounts, or changing configuration parameters such as tax rates and the enable/disable status of PayPal payment modules.

Recommendations For Simple Invoices version 2013.1.beta.8, consider implementing proper CSRF protection mechanisms to prevent authentication hijacking, such as token-based validation for sensitive operations like creating new administrator or regular user accounts, and modifying configuration parameters.