Ritawwang

**Name of the Vulnerable Software and Affected Versions** CSZ CMS version 1.1.8 **Description** The issue is related to CSRF, which can be exploited via the admin/users/new/add endpoint. **Recommendations** For CSZ CMS version 1.1.8, consider implementing proper CSRF protection mechanisms, such as tokens, to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** doyocms version 2.3(20140425 update) **Description** An issue was discovered that allows for a CSRF vulnerability, enabling the addition of a super administrator account via the "admin.php?c=a adminuser&a=add&run=1" endpoint. The `c`, `a`, and `run` variables are utilized in this process. **Recommendations** For doyocms version 2.3(20140425 update), as a temporary workaround, consider restricting access to the "admin.php?c=a adminuser&a=add&run=1" endpoint to prevent potential exploitation. Additionally, avoid using the `c`, `a`, and `run` variables in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** EasyCMS version 1.5 **Description** An issue was discovered that allows for CSRF via the "index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent" URI. **Recommendations** For EasyCMS version 1.5, consider implementing proper CSRF protection mechanisms to prevent exploitation. As a temporary workaround, restrict access to the "index.php?s=/admin/articlem/insert/navTabId/listarticle/callbackType/closeCurrent" URI to minimize the risk of exploitation.