PT-2020-12327 · Ellislab · Codeigniter

Published 2020-03-23 · Updated 2024-03-06 · CVE-2020-10793

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: CodeIgniter versions through 4.0.0

Description: The issue allows remote attackers to gain privileges by submitting a modified Email ID to the "Select Role of the User" page. However, a contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter itself, since the framework provides no login or user management facilities beyond a Session library; the issue is reportedly in a custom module or plugin built on CodeIgniter.

Recommendations: For CodeIgniter versions through 4.0.0, consider disabling or restricting access to the custom module or plugin that introduces the issue until a fix is available. Additionally, review and secure any custom login or user management implementations so that role assignment is authorized server-side rather than trusting a client-supplied Email ID.

Exploit

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BIT-CODEIGNITER-2020-10793
CVE-2020-10793
GHSA-JWQP-WH5G-4GMM

Affected Products

Codeigniter