Flexo · Flexcms · CVE-2018-15851
**Name of the Vulnerable Software and Affected Versions**
Flexo CMS version 0.1.6
**Description**
A cross-site request forgery (CSRF) issue allows an administrator account to be added via the "/admin/user/add" API endpoint.
**Recommendations**
For Flexo CMS version 0.1.6, update to a version that includes a fix for this issue, if available. As a temporary workaround, consider restricting access to the "/admin/user/add" endpoint to minimize the risk of exploitation.
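While the endpoint is still exposed, web server logs can be reviewed for requests to "/admin/user/add" that did not originate from the CMS's own pages. The script below is an added example, not part of the advisory or of Flexo CMS; it assumes Apache/nginx "combined" log format and a hypothetical site hostname `cms.example.test`, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit

ENDPOINT = "/admin/user/add"        # endpoint named in the advisory
SITE_HOSTS = {"cms.example.test"}   # assumption: hostnames the admin UI is served from

# Assumed format: Apache/nginx "combined" access log
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Return None for unrelated or unparseable lines, else (verdict, fields)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    if urlsplit(m["target"]).path.rstrip("/") != ENDPOINT:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return "no-referer", m.groupdict()
    # Exact host comparison: a substring test would accept look-alike hosts.
    host = (urlsplit(referer).hostname or "").lower()
    verdict = "same-site" if host in SITE_HOSTS else "cross-site"
    return verdict, m.groupdict()

def suspicious(lines):
    """Requests to ENDPOINT whose Referer is missing or from another host."""
    hits = []
    for line in lines:
        result = classify(line)
        if result and result[0] != "same-site":
            hits.append((result[0], result[1]["ts"], result[1]["ip"], result[1]["referer"]))
    return hits

# Constructed sample lines (documentation addresses and hostnames)
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "POST /admin/user/add HTTP/1.1" 302 0 "https://cms.example.test/admin/user/add" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2024:10:05:40 +0000] "POST /admin/user/add HTTP/1.1" 302 0 "https://cms.example.test.other.example/page.html" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2024:10:09:11 +0000] "POST /admin/user/add HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2024:10:10:00 +0000] "GET /admin/page HTTP/1.1" 200 512 "https://cms.example.test/admin" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious(SAMPLE_LOG):
        print(hit)
```

A "no-referer" result is only a lead for review, since browsers and privacy tools can omit the header on legitimate requests; compare any hit against the list of administrator accounts created around that timestamp.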