CVE-2020-35675

Name of the Vulnerable Software and Affected Versions BigProf Online Invoicing System versions prior to 3.0

Description The issue concerns a lack of CSRF protection in the "admin/pageTransferOwnership.php" endpoint, allowing an attacker to escalate privileges to Administrator and take over the application.

Recommendations For versions prior to 3.0, update to version 3.0 or later to resolve the issue. As a temporary workaround, consider implementing CSRF protection for the "admin/pageTransferOwnership.php" endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation.