
Usermuzilio

#15223 of 53,638
17.6 CVSS total
Vulnerabilities · 2
High
2
PT-2018-12941
8.8
2018-08-08
Onethink · Onethink · CVE-2018-15197
**Name of the Vulnerable Software and Affected Versions**
OneThink version 1.1

**Description**
A CSRF issue was found in the admin.php?s=/AuthManager/addToGroup.html endpoint, allowing for the potential granting of administrator privileges.

**Recommendations**
For OneThink version 1.1, as a temporary workaround, consider restricting access to the `admin.php?s=/AuthManager/addToGroup.html` endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2018-12942
8.8
2018-08-08
Onethink · Onethink · CVE-2018-15198
**Name of the Vulnerable Software and Affected Versions**
OneThink version 1.1

**Description**
An issue was discovered that allows for a CSRF vulnerability. The vulnerability can be exploited through the "admin.php?s=/User/add.html" endpoint, which can add a user.

**Recommendations**
For OneThink version 1.1, consider implementing CSRF protection measures to prevent unauthorized actions, such as adding a user through the "admin.php?s=/User/add.html" endpoint. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation.