CVE-2018-15177

Name of the Vulnerable Software and Affected Versions Gxlcms version 2.0

Description The issue allows for a CSRF attack, which can be used to add an administrator account through the news/index.php?s=Admin-Admin-Insert endpoint.

Recommendations For Gxlcms version 2.0, consider implementing CSRF protection measures to prevent unauthorized actions, such as adding administrator accounts. As a temporary workaround, restrict access to the news/index.php?s=Admin-Admin-Insert endpoint to minimize the risk of exploitation.