Hybbs · Hybbs · CVE-2019-10644
**Name of the Vulnerable Software and Affected Versions**
HYBBS version 2.2
**Description**
A CSRF vulnerability in the "/?admin/user.html" API endpoint allows an administrator account to be added.
**Recommendations**
For HYBBS version 2.2, as a temporary workaround, consider restricting access to the "/?admin/user.html" endpoint until a patch is available.