CVE-2020-10793: 
PHP vulnerability analysis and mitigation

CVE-2020-10793 affects CodeIgniter through version 4.0.0, allowing remote attackers to gain privileges by modifying Email IDs on the 'Select Role of the User' page. This vulnerability was discovered in March 2020. However, it's important to note that this vulnerability is disputed, as CodeIgniter framework contributors argue that the issue should not be attributed to CodeIgniter since the framework has never provided login screen functionality or user management facilities beyond a Session library (NVD).

The vulnerability is related to privilege escalation through email ID modification in the user role selection process. It has been assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-269 (Improper Privilege Management) (NVD).

If successfully exploited, the vulnerability allows attackers to gain unauthorized access to other user accounts by manipulating email IDs during the role selection process. This could lead to complete account takeover and privilege escalation, potentially compromising the security of the affected system (Medium Blog).

CodeIgniter has addressed this issue in their authentication documentation and recommends using their official authentication framework, CodeIgniter Shield, which is designed to be secure and flexible. The framework provides proper authentication implementations and security measures to prevent such vulnerabilities (CodeIgniter Docs).

The vulnerability has generated significant discussion within the security community, with CodeIgniter framework contributors disputing the attribution of the vulnerability to CodeIgniter itself. They argue that the issue lies with custom implementations rather than the core framework, as CodeIgniter does not provide built-in login or user management facilities (NVD).