Niuzhi

**Name of the Vulnerable Software and Affected Versions** cms-dev/cms version 1.4.rc1 **Description** The issue allows attackers to gain sensitive information via audit logs due to a plaintext password vulnerability in AddAdmin.py. **Recommendations** For version 1.4.rc1, consider disabling the AddAdmin.py script until a patch is available to prevent attackers from gaining sensitive information. Restrict access to audit logs to minimize the risk of exploitation.