
Rich4Ever

#41061 of 53,630
6.5 total CVSS
Vulnerabilities · 1
PT-2018-14909
6.5
2018-11-15
Dili · Dilicms · CVE-2018-19291
**Name of the Vulnerable Software and Affected Versions**
DiliCMS version 2.4.0

**Description**
A CSRF issue allows deletion of a user or group via specific URIs, such as "admin/index.php/user/del/1" or "admin/index.php/role/del/2".

**Recommendations**
For DiliCMS version 2.4.0, as a temporary workaround, consider restricting access to the `admin/index.php/user/del/` and `admin/index.php/role/del/` endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.