Polarpeak

**Name of the Vulnerable Software and Affected Versions** PopojiCMS version 2.0.1 **Description** An issue was discovered in PopojiCMS, allowing CSRF via the "po-admin/route.php?mod=user&act=addnew" URI. This can be exploited to add a level=1 account. **Recommendations** For PopojiCMS version 2.0.1, as a temporary workaround, consider restricting access to the "po-admin/route.php?mod=user&act=addnew" URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.