CVE-2020-8505

School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.
Source: NIST
CVE-2020-8505