Zed-Wong

**Name of the Vulnerable Software and Affected Versions** UKcms version 1.1.10 **Description** A CSRF issue was discovered that can add an admin user. The issue is related to the "admin.php/admin/role/add.html" API endpoint. **Recommendations** For UKcms version 1.1.10, update to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider restricting access to the "admin.php/admin/role/add.html" endpoint to minimize the risk of exploitation.