Guneggwang

**Name of the Vulnerable Software and Affected Versions** Gleez CMS version 1.2.0 **Description** The issue allows for a CSRF attack that can add an administrator account. This is achieved via the "admin/users/add" API endpoint, utilizing the `admin/users/add` path. **Recommendations** For Gleez CMS version 1.2.0, as a temporary workaround, consider restricting access to the "admin/users/add" endpoint until a patch is available.