PT-2021-11388 · Unknown · Booking Core - Ultimate Booking System

Published

2021-07-14

·

Updated

2021-07-16

·

CVE-2020-27379

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Booking Core - Ultimate Booking System version 1.7.0
Description: The account email-change function accepts the new address in a GET request and does not validate the CSRF token. An attacker who gets an authenticated user to load a crafted URL (for example through a link or an embedded image on a page the attacker controls) can silently change that user's account email to an attacker-controlled address, because the browser attaches the victim's session cookie to the request automatically. The attacker can then start the password reset flow for the victim's account: the new password is delivered to the modified address, which amounts to account takeover. The request itself discloses nothing, so the CVSS vector scores only the integrity impact (C:N/I:H).
Recommendations: For version 1.7.0, do not accept state-changing operations such as an email change over GET; require POST and validate the CSRF token on every such request. As a temporary workaround until a proper fix is applied, restrict or disable the ability to change the account email, or require additional confirmation (for example the current password, or a confirmation sent to the old address) before an email change or a password reset takes effect.
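The attack path above, modelled end to end as an added example. This is not Booking Core's code: the route /user/change-email, the parameters new_email and _token, the in-memory user table and the sample addresses are assumptions made for illustration. The vulnerable handler reproduces the advisory's flaw (new address taken from a GET query string, no token check); the hardened handler refuses GET for the state change and requires a POST carrying a token bound to the session, compared in constant time.

```python
"""Model of the CSRF-via-GET email change and its hardened counterpart.

Added example, not Booking Core's code. Route, parameter names, the user
table and the e-mail addresses are assumptions used for illustration.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlencode, urlparse


@dataclass
class Session:
    user_id: int
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


@dataclass
class Request:
    method: str
    path: str
    params: dict        # query string (GET) or form body (POST), merged as many frameworks do
    session: Session    # victim's session: the browser attaches the cookie automatically


# Constructed sample "users table": user_id -> account e-mail.
USERS = {7: "victim@example.com"}
ROUTE = "/user/change-email"


def change_email_vulnerable(req: Request) -> int:
    """Advisory's flaw: any method accepted, CSRF token never validated."""
    if req.path != ROUTE or "new_email" not in req.params:
        return 404
    USERS[req.session.user_id] = req.params["new_email"]
    return 200


def change_email_hardened(req: Request) -> int:
    """State change only via POST, and only with a token bound to the session."""
    if req.path != ROUTE:
        return 404
    if req.method != "POST":
        return 405                                   # GET must never mutate state
    token = req.params.get("_token", "")
    if not hmac.compare_digest(token.encode(), req.session.csrf_token.encode()):
        return 419                                   # token missing or forged
    if "new_email" not in req.params:
        return 422
    USERS[req.session.user_id] = req.params["new_email"]
    return 200


def attacker_lure_url(attacker_email: str) -> str:
    """URL the attacker embeds in an <img src> or link on their own page (assumed host)."""
    return "https://booking.example" + ROUTE + "?" + urlencode({"new_email": attacker_email})


def cross_site_get(session: Session, url: str) -> Request:
    """The request the victim's browser emits when it loads the lure: no form, no token."""
    u = urlparse(url)
    params = {k: v[0] for k, v in parse_qs(u.query).items()}
    return Request("GET", u.path, params, session)


def run_cross_site_get(handler) -> tuple:
    """Replay the advisory's attack; returns (status, resulting e-mail of user 7)."""
    USERS[7] = "victim@example.com"
    victim = Session(user_id=7)
    req = cross_site_get(victim, attacker_lure_url("attacker@evil.example"))
    return handler(req), USERS[7]


def run_cross_site_post(handler) -> tuple:
    """Attacker auto-submits a cross-site POST form; the session-bound token is unknown to them."""
    USERS[7] = "victim@example.com"
    victim = Session(user_id=7)
    req = Request("POST", ROUTE, {"new_email": "attacker@evil.example", "_token": "guess"}, victim)
    return handler(req), USERS[7]


def run_legitimate_post(handler, new_email: str) -> tuple:
    """Same-origin POST carrying the token rendered into the real form."""
    USERS[7] = "victim@example.com"
    victim = Session(user_id=7)
    req = Request("POST", ROUTE, {"new_email": new_email, "_token": victim.csrf_token}, victim)
    return handler(req), USERS[7]


if __name__ == "__main__":
    print("vulnerable, cross-site GET:", run_cross_site_get(change_email_vulnerable))
    print("hardened,   cross-site GET:", run_cross_site_get(change_email_hardened))
    print("hardened,   forged POST:   ", run_cross_site_post(change_email_hardened))
    print("hardened,   real form POST:", run_legitimate_post(change_email_hardened, "new@example.com"))
```

The token check is what actually stops the attack; refusing GET on its own is not sufficient, since an attacker can auto-submit a cross-site POST form, which is why the hardened handler does both. A password-reset flow that mails a fresh credential to whatever address is currently on the account inherits this weakness, so the confirmation steps in the recommendations above are worth having even once the token check is in place.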

CSRF


Weakness Enumeration

Related Identifiers

CVE-2020-27379

Affected Products

Booking Core - Ultimate Booking System