Bay0Net

**Name of the Vulnerable Software and Affected Versions** BEESCMS version 4.0 **Description** The issue allows for arbitrary addition of administrators due to a CSRF concern. **Recommendations** For BEESCMS version 4.0, update to a version that includes a fix for this issue, as the current version allows for unauthorized modifications to administrator accounts.

**Name of the Vulnerable Software and Affected Versions** LFCMS version 3.7.0 **Description** A CSRF issue exists, allowing users to be added arbitrarily. **Recommendations** For LFCMS version 3.7.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** LFCMS version 3.7.0 **Description** A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack the authentication of users for requests that add administrator users via the `s` parameter. **Recommendations** For LFCMS version 3.7.0, as a temporary workaround, consider restricting access to the admin.php file until a patch is available. Avoid using the `s` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Maccms version 10 **Description** The issue allows for CSRF, enabling attackers to add user accounts via the admin.php/admin/admin/info.html endpoint. **Recommendations** For Maccms version 10, as a temporary workaround, consider restricting access to the admin.php/admin/admin/info.html endpoint until a patch is available.