Diazraelwang

**Name of the Vulnerable Software and Affected Versions** FlyCms version 1.0 **Description** A Cross Site Request Forgery (CSRF) issue allows attackers to add arbitrary administrator accounts via the "system/admin/admin save" endpoint. This can be exploited by attackers to gain unauthorized access to the system. **Recommendations** For FlyCms version 1.0, as a temporary workaround, consider disabling the `admin save` function in the `system/admin` module until a patch is available. Restrict access to the `system/admin/admin save` endpoint to minimize the risk of exploitation.