
Ax8

#17446 of 53,622
15.3 CVSS total
Vulnerabilities · 2
Medium: 1
High: 1
PT-2019-12265
8.8
2019-04-20
74Cms · 74Cms · CVE-2019-11374
**Name of the Vulnerable Software and Affected Versions**
74CMS version 5.0.1

**Description**
The issue allows an attacker to add a new admin user via the "index.php?m=Admin&c=admin&a=add" API endpoint. This is due to a CSRF vulnerability.

**Recommendations**
For version 5.0.1, update to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider implementing CSRF protection measures to prevent unauthorized requests to the "index.php?m=Admin&c=admin&a=add" endpoint.
PT-2019-12266
6.5
2019-04-20
Microsoft · Msvod · CVE-2019-11375
**Name of the Vulnerable Software and Affected Versions**
Msvod version 10

**Description**
The issue allows an attacker to change user information via the "admin/member/edit.html" API endpoint. This is achieved through a CSRF vulnerability, which can be exploited to modify user data without the user's knowledge or consent.

**Recommendations**
For Msvod version 10, update to a version that includes a fix for this issue, as using the current version poses a significant risk due to the presence of the CSRF vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.