CVE-2018-10266

Name of the Vulnerable Software and Affected Versions: BEESCMS version 4.0

Description: The issue allows for the addition of an administrator account without proper validation, potentially leading to unauthorized access. This is achieved through the "admin/admin admin.php?nav=list admin user&admin p nav=user" API endpoint.

Recommendations: For BEESCMS version 4.0, consider implementing proper CSRF protection mechanisms to prevent unauthorized requests to the "admin/admin admin.php?nav=list admin user&admin p nav=user" endpoint. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation.