Pboot · Pbootcms · CVE-2019-7570
**Name of the Vulnerable Software and Affected Versions**
PbootCMS version 1.3.6
**Description**
A CSRF issue was discovered that can lead to the deletion of users. This occurs via the "admin.php/User/del/ucode/" API endpoint.
**Recommendations**
For PbootCMS version 1.3.6, consider disabling access to the "admin.php/User/del/ucode/" endpoint until a fix is available.