PopojiCMS · CVE-2021-28070
Name of the Vulnerable Software and Affected Versions:
PopojiCMS version 2.0.1
Description:
A Cross-Site Request Forgery (CSRF) vulnerability exists in the `/po-admin/route.php?mod=user&act=multidelete` admin endpoint. Because requests to this endpoint are not bound to a per-session token, a logged-in administrator who is led to an attacker-controlled page can have unauthorized actions performed on user accounts without their knowledge.
Recommendations:
For PopojiCMS version 2.0.1, implement proper CSRF token validation (a secret, per-session token embedded in the admin form and checked server-side before the action runs) for requests to the `/po-admin/route.php?mod=user&act=multidelete` endpoint. As a temporary workaround, restrict access to this endpoint until a proper fix is applied.
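The recommended mitigation, worked through as an added example in PHP (PopojiCMS is a PHP application). This is not PopojiCMS code and does not reproduce its actual handler; the function names, the `$session` store passed in by reference, the `_csrf` field name and the `handle_user_multidelete` guard are assumptions made for the illustration. It issues a random token per session, embeds it in the form, and refuses the state-changing action unless the request is a POST carrying a token that matches in constant time (with an Origin-header check as defence in depth):

```php
<?php
// Added example (not PopojiCMS code): per-session CSRF token issued to admin
// forms and verified before a state-changing action is executed.
// Function names, the $session array and the handler are assumptions.
declare(strict_types=1);

const CSRF_SESSION_KEY = 'csrf_token';

// Issue (or reuse) a 256-bit random token bound to the current session.
function csrf_token(array &$session): string
{
    if (empty($session[CSRF_SESSION_KEY])) {
        $session[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_SESSION_KEY];
}

// Hidden field to embed in every admin form that triggers a state change.
function csrf_field(array &$session): string
{
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="_csrf" value="' . $token . '">';
}

// Validate a submitted request. Returns true only when:
//  - the request is a POST (a plain GET link must never perform a deletion),
//  - a token was submitted and matches the session token (constant-time compare),
//  - if the browser sent an Origin header, its host matches our own host
//    (simplification: HTTP_HOST is assumed not to carry a port here).
function csrf_validate(array $session, array $post, array $server): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    $expected = $session[CSRF_SESSION_KEY] ?? '';
    $given    = $post['_csrf'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        return false;
    }
    if (isset($server['HTTP_ORIGIN'])) {
        $originHost = parse_url($server['HTTP_ORIGIN'], PHP_URL_HOST);
        if (!is_string($originHost) || $originHost !== ($server['HTTP_HOST'] ?? null)) {
            return false;
        }
    }
    return true;
}

// Guard for a hypothetical multi-delete handler: the deletion only proceeds
// when the token check passes. Returns the ids that would be deleted, or an
// empty list when the request is rejected (a real app would log and abort).
function handle_user_multidelete(array $session, array $post, array $server): array
{
    if (!csrf_validate($session, $post, $server)) {
        return [];
    }
    return array_map('intval', (array) ($post['ids'] ?? []));
}

// Demonstration with constructed request data (no real session, no real users).
$session = [];
$server  = [
    'REQUEST_METHOD' => 'POST',
    'HTTP_HOST'      => 'cms.example.test',
    'HTTP_ORIGIN'    => 'https://cms.example.test',
];

// 1. The form rendered for the logged-in admin now includes the token.
echo csrf_field($session), PHP_EOL;

// 2. A submission from that form carries the session token.
$legit = ['ids' => ['4', '7'], '_csrf' => $session[CSRF_SESSION_KEY]];
var_dump(handle_user_multidelete($session, $legit, $server));

// 3. A cross-site submission cannot include the token (the foreign page cannot
//    read it) and arrives with a different Origin, so it is refused.
$forged  = ['ids' => ['4', '7']];
$foreign = $server;
$foreign['HTTP_ORIGIN'] = 'https://other.example.test';
var_dump(handle_user_multidelete($session, $forged, $foreign));
```

In a real deployment `$session` would be `$_SESSION` after `session_start()`, and the token must be regenerated when the user logs in so that a pre-login session cannot be fixated with a known token. Rejections are worth logging with the source IP and Origin, since a burst of token failures against an admin endpoint is a usable detection signal.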