Samplev45

**Name of the Vulnerable Software and Affected Versions** Teedy versions 1.11 and earlier **Description** The issue allows for CSRF, enabling account takeover via POST "/api/user/admin". This can be exploited to gain unauthorized access to user accounts. **Recommendations** For versions 1.11 and earlier, as a temporary workaround, consider restricting access to the "/api/user/admin" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.