H0Tturk

Name of the Vulnerable Software and Affected Versions: Bandwebsite (aka Bandsite portal system) version 1.5 Description: The issue allows remote attackers to create administrative accounts. This can be achieved by making a direct request to the "admin.php" endpoint with the `Login` parameter set to 1. Recommendations: For Bandwebsite (aka Bandsite portal system) version 1.5, consider restricting access to the "admin.php" endpoint until a patch is available. As a temporary workaround, avoid using the `Login` parameter in the affected endpoint to minimize the risk of exploitation.