Unknown · Sistem Informasi Pengumuman Kelulusan Online · CVE-2020-37046
**Name of the Vulnerable Software and Affected Versions**
Sistem Informasi Pengumuman Kelulusan Online version 1.0
**Description**
The application contains a cross-site request forgery condition that permits attackers to add unauthorized admin users. This is achieved by exploiting the `tambahuser.php` endpoint, where malicious HTML forms can be used to submit admin credentials and create new administrative accounts without proper authorization.
**Recommendations**
Apply updates to address the issue in the `tambahuser.php` endpoint.