PT-2020-15834 · Icms · Icms

Published 2020-09-10 · Updated 2020-09-16 · CVE-2020-24739

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: iCMS version 7.0.0

Description: A CSRF vulnerability was discovered in the administrator-account deletion function of the iCMS back end. When the CSRF token is missing from the request, the request is still processed normally, so a forged request can delete all administrators except the initial one.

Recommendations: For iCMS version 7.0.0, ensure that the CSRF token is properly validated on every request, including requests in which the token is absent, to prevent unauthorized requests. As a temporary workaround, consider implementing additional validation checks for the CSRF token to mitigate the risk of exploitation.
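The flaw described above is a token check that is skipped whenever the token field is absent. The following Python example is added here to illustrate that pattern next to a hardened check; it is not iCMS code and does not reproduce the project's handler. The admin table, session store and form dictionaries are constructed for the example, and `delete_admin` is a hypothetical simplified handler.

```python
import hmac
import secrets

# Constructed admin table (not iCMS data): the "initial" admin is the one the
# advisory says survives the deletion.
ADMINS = {"admin": "initial", "alice": "operator", "bob": "operator"}


def new_session():
    """Constructed server-side session holding a freshly generated CSRF token."""
    return {"user": "admin", "csrf_token": secrets.token_hex(16)}


def csrf_ok_flawed(session, form):
    """Flawed pattern from the advisory: the token is compared only when the
    client sends one, so a request that simply omits it passes the check."""
    token = form.get("csrf_token")
    if token is None:
        return True  # missing token is treated as 'nothing to validate'
    return token == session["csrf_token"]


def csrf_ok_fixed(session, form):
    """Hardened check: a missing, empty or mismatched token rejects the request.
    compare_digest keeps the comparison constant-time; bytes avoid TypeError on
    non-ASCII input from the client."""
    token = form.get("csrf_token")
    expected = session.get("csrf_token")
    if not token or not expected:
        return False
    return hmac.compare_digest(token.encode("utf-8"), expected.encode("utf-8"))


def delete_admin(admins, session, form, csrf_check):
    """Hypothetical simplified delete handler. Returns (status, admins_after)
    without mutating the input table."""
    if not csrf_check(session, form):
        return ("403 forbidden: CSRF check failed", admins)
    target = form.get("uid")
    if target not in admins:
        return ("404 no such admin", admins)
    if admins[target] == "initial":
        return ("400 cannot delete initial admin", admins)
    remaining = {u: r for u, r in admins.items() if u != target}
    return ("200 deleted", remaining)


def demo():
    """Run a token-less request through both checks and a legitimate request
    through the fixed one; returns the three outcomes for inspection."""
    session = new_session()
    # A cross-site form post carries the victim's cookies but cannot include
    # the session-bound token, so the field is absent (constructed request).
    tokenless = {"uid": "alice"}
    flawed = delete_admin(ADMINS, session, tokenless, csrf_ok_flawed)
    fixed = delete_admin(ADMINS, session, tokenless, csrf_ok_fixed)
    # Same-origin form rendered by the server includes the real token.
    legit = {"uid": "alice", "csrf_token": session["csrf_token"]}
    genuine = delete_admin(ADMINS, session, legit, csrf_ok_fixed)
    return {"flawed": flawed, "fixed": fixed, "genuine": genuine}


if __name__ == "__main__":
    for name, (status, table) in demo().items():
        print(f"{name:8s} {status:35s} remaining={sorted(table)}")
```

The fix is the first two lines of `csrf_ok_fixed`: absence of the token is a failure, not a bypass. Wrapping the comparison in `hmac.compare_digest` is a secondary hardening that the advisory does not require but that any token check should carry.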

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2020-24739

Affected Products

Icms