Mcms · Mcms · CVE-2022-29647
**Name of the Vulnerable Software and Affected Versions**
MCMS version 5.2.7
**Description**
MCMS is affected by a cross-site request forgery (CSRF) vulnerability that allows an administrator account to be added via the "ms/basic/manager/save.do" API endpoint.
**Recommendations**
For MCMS version 5.2.7, as a temporary workaround, consider restricting access to the "ms/basic/manager/save.do" API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
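
One way to apply this workaround at a reverse proxy, shown as an added example that is not part of the advisory or the MCMS project. It assumes nginx sits in front of MCMS; the hostname, certificate paths, admin network and upstream address are placeholders.

```nginx
# Place inside the http { } block. All concrete values below are placeholders
# (assumptions), not taken from the advisory.

# 0 only when the Origin header is exactly the site's own origin;
# a missing, "null" or foreign Origin maps to 1 and is rejected below.
# Assumption: administrators' browsers send Origin on the form POST.
map $http_origin $mcms_untrusted_origin {
    default                      1;
    "https://cms.example.com"    0;   # placeholder: the site's own origin
}

server {
    listen 443 ssl;
    server_name cms.example.com;                      # placeholder
    ssl_certificate     /etc/nginx/tls/cms.crt;       # placeholder
    ssl_certificate_key /etc/nginx/tls/cms.key;       # placeholder

    # The endpoint named in the advisory.
    location ~ /ms/basic/manager/save\.do$ {
        # Network restriction: only the admin network reaches the endpoint.
        # On its own this does not stop a forged request sent by an
        # administrator's browser inside that network, hence the Origin check.
        allow 10.0.10.0/24;                           # placeholder admin network
        deny  all;

        # Reject requests that did not originate from the site itself.
        if ($mcms_untrusted_origin) {
            return 403;
        }

        proxy_pass http://127.0.0.1:8080;             # placeholder upstream
    }

    # Everything else is passed through unchanged.
    location / {
        proxy_pass http://127.0.0.1:8080;             # placeholder upstream
    }
}
```

Validate the file with `nginx -t` before reloading, and confirm that creating a manager account from the admin interface still works from an allowed address.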