
F1Vetop

#19388 of 53,632
13.6 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2018-9765
6.8
2018-04-19
Yzmcms · Yzmcms · CVE-2018-10223
Name of the Vulnerable Software and Affected Versions: YzmCMS version 3.8
Description: An issue was discovered that allows for a CSRF vulnerability, enabling the addition of an admin account via the "/index.php/admin/admin manage/add.html" API endpoint.
Recommendations: For YzmCMS version 3.8, consider implementing CSRF protection measures to prevent unauthorized additions of admin accounts. As a temporary workaround, restrict access to the "/index.php/admin/admin manage/add.html" endpoint until a patch is available.
PT-2018-9766
6.8
2018-04-19
Yzmcms · Yzmcms · CVE-2018-10224
Name of the Vulnerable Software and Affected Versions: YzmCMS version 3.8
Description: A CSRF issue allows adding a tag via the "/index.php/admin/tag/add.html" API endpoint.
Recommendations: For YzmCMS version 3.8, consider implementing CSRF protection measures to prevent unauthorized actions, such as adding tags, until a patch is available. As a temporary workaround, restrict access to the "/index.php/admin/tag/add.html" endpoint to minimize the risk of exploitation.