CVE-2019-7737

Name of the Vulnerable Software and Affected Versions Verydows version 2.0

Description A CSRF issue was discovered that allows adding an admin account via the "index.php?m=backend&c=admin&a=add&step=submit" endpoint, specifically by manipulating the a and step variables.

Recommendations For version 2.0, consider implementing proper CSRF protection mechanisms to prevent unauthorized admin account additions. As a temporary workaround, restrict access to the "index.php?m=backend&c=admin&a=add&step=submit" endpoint to minimize the risk of exploitation.