Riyir

**Name of the Vulnerable Software and Affected Versions** REDAXO CMS version 4.7.2 **Description** An issue was discovered that allows for a CSRF vulnerability, enabling the addition of an administrator account via the "index.php?page=user" endpoint. The `page` and `user` parameters are involved in this issue. **Recommendations** For REDAXO CMS version 4.7.2, as a temporary workaround, consider restricting access to the "index.php?page=user" endpoint until a patch is available.