Fdbao

**Name of the Vulnerable Software and Affected Versions** UsualToolCMS version 8.0 **Description** An issue was discovered that allows CSRF attacks, which can execute SQL statements. Consequently, this can lead to the execution of arbitrary PHP code by writing that code into a .php file. The issue is related to the `cmsadmin/a sqlbackx.php?t=sql` endpoint. **Recommendations** For UsualToolCMS version 8.0, as a temporary workaround, consider restricting access to the `cmsadmin/a sqlbackx.php?t=sql` endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.