CVE-2020-18694

Name of the Vulnerable Software and Affected Versions: IgnitedCMS version 1.0

Description: The issue allows remote attackers to obtain sensitive information and gain privilege via the component "/admin/profile/save profile". This is a Cross Site Request Forgery (CSRF) issue, which can be exploited by attackers to perform unauthorized actions on behalf of a legitimate user.

Recommendations: For IgnitedCMS version 1.0, as a temporary workaround, consider restricting access to the "/admin/profile/save profile" component until a patch is available. Additionally, avoid using this component for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.