CVE-2019-17676

Name of the Vulnerable Software and Affected Versions MetInfo version 7.0.0beta

Description The issue allows for a CSRF attack, enabling an attacker to add a user account. This is achieved by sending a doSaveSetup action to the admin/index.php endpoint, for example, via an admin/?n=admin&c=index&a=doSaveSetup URI.

Recommendations For MetInfo version 7.0.0beta, consider implementing CSRF protection mechanisms, such as token-based validation, to prevent unauthorized actions. As a temporary workaround, restrict access to the admin/index.php endpoint to minimize the risk of exploitation.