Youmoon

Name of the Vulnerable Software and Affected Versions: HongCMS version 3.0.0 Description: An issue was discovered that allows for a CSRF vulnerability, enabling the addition of an administrator account via the "admin/index.php/users/save" URI. Recommendations: For HongCMS version 3.0.0, update to a version that includes a fix for this issue, as using the `admin/index.php/users/save` URI can lead to unauthorized administrator account creation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: BEESCMS version 4.0 Description: The issue allows for the addition of an administrator account without proper validation, potentially leading to unauthorized access. This is achieved through the "admin/admin admin.php?nav=list admin user&admin p nav=user" API endpoint. Recommendations: For BEESCMS version 4.0, consider implementing proper CSRF protection mechanisms to prevent unauthorized requests to the "admin/admin admin.php?nav=list admin user&admin p nav=user" endpoint. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: WTCMS version 1.0 Description: The issue allows for the addition of an administrator account due to a CSRF vulnerability. This can be exploited via the "index.php?admin&m=user&a=add post" URI. Recommendations: For WTCMS version 1.0, as a temporary workaround, consider restricting access to the "index.php?admin&m=user&a=add post" URI until a patch is available.