Sftnow · Sftnow · CVE-2019-9688
**Name of the Vulnerable Software and Affected Versions**
sftnow versions prior to 2018-12-29
**Description**
The issue allows for a CSRF attack via the "index.php?g=Admin&m=User&a=add post" endpoint to add an admin account.
**Recommendations**
For versions prior to 2018-12-29, update to a version released after 2018-12-29 to resolve the issue.