云天河

**Name of the Vulnerable Software and Affected Versions** ASPCMS version 2.5.6 **Description** An issue was discovered in the `addUser` function of the "/member/reg.asp" page, allowing ordinary users to be registered with the super administrators `GroupID` directly. **Recommendations** For ASPCMS version 2.5.6, consider restricting access to the `addUser` function in the "/member/reg.asp" page to prevent unauthorized registration of super administrators. As a temporary workaround, restrict the use of the `GroupID` variable in the registration process until a patch is available.