Microweber · Microweber · CVE-2018-17104
**Name of the Vulnerable Software and Affected Versions**
Microweber version 1.0.7
**Description**
An issue was discovered that allows a CSRF attack against the admin user, enabling the addition of an administrative account via the "api/save user" endpoint.
**Recommendations**
For Microweber version 1.0.7, update to a newer version that contains a fix for this issue to prevent CSRF attacks.