Zsnowman

**Name of the Vulnerable Software and Affected Versions** SRCMS version 3.0.0 **Description** The issue allows for a CSRF attack via the "admin.php?m=Admin&c=manager&a=update" endpoint to change the username and password of the super administrator account. **Recommendations** For SRCMS version 3.0.0, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the "admin.php?m=Admin&c=manager&a=update" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SRCMS version 3.0.0 **Description** The issue allows for a CSRF attack via the "admin.php?m=Admin&c=gifts&a=update" API endpoint to change goods prices with the privileges of a super administrator. **Recommendations** For SRCMS version 3.0.0, as a temporary workaround, consider restricting access to the "admin.php?m=Admin&c=gifts&a=update" endpoint to prevent unauthorized changes to goods prices. At the moment, there is no information about a newer version that contains a fix for this vulnerability.