CVE-2020-28705

Name of the Vulnerable Software and Affected Versions: FUEL CMS version 1.4.13

Description: The issue is a cross-site request forgery (CSRF) vulnerability. It can be exploited to delete a page via a post ID to the "/pages/delete/3" API endpoint. This allows unauthorized actions to be performed.

Recommendations: For FUEL CMS version 1.4.13, as a temporary workaround, consider restricting access to the "/pages/delete/3" API endpoint until a patch is available. Additionally, avoid using the post ID parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.