CVE-2018-14420

Name of the Vulnerable Software and Affected Versions MetInfo version 6.0.0

Description The issue allows for a CSRF attack, enabling the addition of a user account through a doaddsave action to admin/index.php. This can be achieved by accessing a specific URI, such as admin/index.php?anyid=47&n=admin&c=admin admin&a=doaddsave.

Recommendations For MetInfo version 6.0.0, consider implementing CSRF protection measures to prevent unauthorized actions, such as adding a user account through the doaddsave action. As a temporary workaround, restrict access to the admin/index.php endpoint to minimize the risk of exploitation.