Hucart · Hucart · CVE-2019-6249
**Name of the Vulnerable Software and Affected Versions**
HuCart version 5.7.4
**Description**
A CSRF issue allows adding an admin account via the /adminsys/index.php?load=admins&act=edit_info&act_type=add API endpoint.
**Recommendations**
For HuCart version 5.7.4, as a temporary workaround, consider restricting access to the /adminsys/index.php?load=admins&act=edit_info&act_type=add API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
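
While the endpoint remains unpatched, web server access logs can be reviewed for admin-creation requests that were not referred by the shop's own pages. The following is an added example, not HuCart code and not part of the original advisory; it assumes combined log format with the Referer field logged, the hypothetical hostname `shop.example`, and the query parameters `act=edit_info` and `act_type=add`. The sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the shop's own hostname; replace with the real one.
TRUSTED_HOST = "shop.example"
ENDPOINT_PATH = "/adminsys/index.php"
# Query parameters of the admin-creation endpoint named in the advisory.
ENDPOINT_QUERY = {"load": "admins", "act": "edit_info", "act_type": "add"}

# Combined log format: ip - user [time] "METHOD target PROTO" status size "referer" ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)

def is_admin_add(target):
    """True when the request target is the admin-creation endpoint."""
    parts = urlsplit(target)
    if parts.path != ENDPOINT_PATH:
        return False
    query = parse_qs(parts.query)
    return all(query.get(k) == [v] for k, v in ENDPOINT_QUERY.items())

def suspicious_admin_adds(lines):
    """Return (time, ip, referer) for admin-add requests not referred by the shop."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_admin_add(m["target"]):
            continue
        referer = m["referer"]
        ref_host = urlsplit(referer).hostname if referer not in ("", "-") else None
        if ref_host != TRUSTED_HOST:
            hits.append((m["time"], m["ip"], referer))
    return hits

# Constructed sample log lines (not from a real system).
_REQ = '"POST /adminsys/index.php?load=admins&act=edit_info&act_type=add HTTP/1.1" 200 512'
SAMPLE_LOG = [
    f'198.51.100.7 - - [10/Jan/2019:09:12:01 +0000] {_REQ} "https://shop.example/adminsys/index.php?load=admins" "Mozilla/5.0"',
    f'198.51.100.7 - - [10/Jan/2019:09:40:33 +0000] {_REQ} "https://forum.example/thread/42" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2019:09:41:02 +0000] "GET /adminsys/index.php?load=admins HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - [10/Jan/2019:10:02:15 +0000] {_REQ} "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for when, ip, referer in suspicious_admin_adds(SAMPLE_LOG):
        print(f"{when} {ip} admin-add with referer {referer!r}")
```

Requests with no Referer are listed for triage as well, since some browsers and proxies strip the header; each hit should be compared against the list of admin accounts that actually exist.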