Crazywa1Ker

**Name of the Vulnerable Software and Affected Versions** creditease-sec insight through 2018-09-11 **Description** An issue was discovered that allows CSRF in the `login user delete` function located in `srcpm/app/admin/views.py`. **Recommendations** For creditease-sec insight through 2018-09-11, consider implementing CSRF protection measures to prevent exploitation. As a temporary workaround, restrict access to the `login user delete` function in `srcpm/app/admin/views.py` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** creditease-sec insight through 2018-09-11 **Description** An issue was discovered that allows CSRF in the role perm delete function located in srcpm/app/admin/views.py. **Recommendations** For creditease-sec insight through 2018-09-11, consider disabling the `role perm delete` function in srcpm/app/admin/views.py to prevent CSRF attacks until a patch is available.

**Name of the Vulnerable Software and Affected Versions** creditease-sec insight versions through 2018-09-11 **Description** An issue was discovered that allows CSRF, specifically in the depart delete function within the srcpm/app/admin/views.py file. **Recommendations** For creditease-sec insight versions through 2018-09-11, consider implementing CSRF protection measures to prevent exploitation. As a temporary workaround, restrict access to the depart delete function in srcpm/app/admin/views.py until a patch is available.

**Name of the Vulnerable Software and Affected Versions** creditease-sec insight through 2018-09-11 **Description** An issue was discovered that allows CSRF in the `user delete` function, located in `srcpm/app/admin/views.py`. **Recommendations** For creditease-sec insight through 2018-09-11, consider implementing CSRF protection measures to prevent exploitation, such as token-based validation or header-based validation, until a patch is available.