CVE-2019-17369

Name of the Vulnerable Software and Affected Versions OTCMS version 3.85

Description The issue concerns a CSRF flaw in the admin/member deal.php Admin Panel page. This allows for the creation of a new management group account, as shown by the ability to act as a superadmin.

Recommendations For OTCMS version 3.85, consider implementing CSRF protection measures to prevent unauthorized actions, such as token-based validation for requests made to the admin/member deal.php page.