Easycms · Easycms · CVE-2018-16345
**Name of the Vulnerable Software and Affected Versions**
EasyCMS version 1.5
**Description**
EasyCMS 1.5 does not protect the administrator-update action at `index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent` against cross-site request forgery (CSRF). The handler acts on any request that arrives with a valid administrator session cookie and does not check an anti-CSRF token, so an attacker who gets a logged-in administrator to load a page under the attacker's control can submit a forged update request from that page and change the admin password. The attacker never needs to read the session cookie; the victim's browser attaches it automatically.
**Recommendations**
For EasyCMS 1.5, add CSRF protection to the `index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent` action and to every other state-changing admin action: issue a per-session, unpredictable token (synchronizer token), embed it in each form, and reject any request whose token is missing or does not match, comparing in constant time. Accept the password update only over POST, since a GET that changes state cannot be protected this way. As defense in depth, mark the admin session cookie `SameSite=Lax` or `SameSite=Strict` and verify that the `Origin` (or `Referer`) header matches the site's own host. Until a fix is deployed, administrators should log out of the EasyCMS admin interface before browsing untrusted sites.
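The following is an added example, not code from EasyCMS: it models the password-update action described above as a PHP handler, first in the unprotected shape the advisory describes and then with synchronizer-token protection. The function names, the `_token` field name, and the use of plain arrays in place of `$_SESSION` and `$_POST` are assumptions made so the logic can be exercised from the command line.

```php
<?php
// Added example (not EasyCMS's own code). Synchronizer-token CSRF protection
// for a state-changing admin action such as the rbacuser/update handler.
// $session and $request stand in for $_SESSION and $_POST so the logic
// can be run from the CLI with constructed data.

declare(strict_types=1);

const CSRF_SESSION_KEY = '__csrf_token';   // assumed session key
const CSRF_FIELD       = '_token';         // assumed hidden form field

/** Issue (or reuse) a per-session random token for embedding in forms. */
function csrf_token(array &$session): string
{
    if (empty($session[CSRF_SESSION_KEY])) {
        // 32 bytes from the CSPRNG, hex-encoded to a 64-character string.
        $session[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_SESSION_KEY];
}

/**
 * True only if the request carries the token stored in the session.
 * hash_equals() compares in constant time, so a wrong guess leaks no
 * timing signal about how many leading characters were right.
 */
function csrf_valid(array $session, array $request): bool
{
    $expected  = $session[CSRF_SESSION_KEY] ?? null;
    $submitted = $request[CSRF_FIELD] ?? null;
    if (!is_string($expected) || !is_string($submitted) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $submitted);
}

/**
 * Vulnerable shape (what the advisory describes): any request that arrives
 * with the admin's session cookie changes the password, no token checked.
 */
function update_admin_password_vulnerable(array $request, array &$users): bool
{
    $users['admin'] = password_hash($request['password'] ?? '', PASSWORD_DEFAULT);
    return true;
}

/**
 * Hardened shape: POST only, token required, and the token is checked
 * before any side effect on $users.
 */
function update_admin_password(array $session, array $request, string $method, array &$users): bool
{
    if ($method !== 'POST') {
        return false;   // a GET must never change state
    }
    if (!csrf_valid($session, $request)) {
        return false;   // reject before touching the user store
    }
    $users['admin'] = password_hash($request['password'] ?? '', PASSWORD_DEFAULT);
    return true;
}

// --- CLI demonstration with constructed data -------------------------------
$session = [];                                                    // the admin's session
$users   = ['admin' => password_hash('original', PASSWORD_DEFAULT)];

// Legitimate form render: the token goes into a hidden field the admin's
// browser will send back, and which a cross-origin page cannot read.
$token = csrf_token($session);
printf('<input type="hidden" name="%s" value="%s">%s', CSRF_FIELD, htmlspecialchars($token), PHP_EOL);

// Forged cross-site request: token absent, then token guessed wrong.
$forged = ['password' => 'pwned'];
echo 'vulnerable handler, forged request: ',
     update_admin_password_vulnerable($forged, $users) ? 'password changed' : 'rejected', PHP_EOL;
echo 'hardened handler, no token:          ',
     update_admin_password($session, $forged, 'POST', $users) ? 'password changed' : 'rejected', PHP_EOL;
echo 'hardened handler, wrong token:       ',
     update_admin_password($session, $forged + [CSRF_FIELD => str_repeat('0', 64)], 'POST', $users)
         ? 'password changed' : 'rejected', PHP_EOL;
echo 'hardened handler, token over GET:    ',
     update_admin_password($session, $forged + [CSRF_FIELD => $token], 'GET', $users)
         ? 'password changed' : 'rejected', PHP_EOL;

// Legitimate submission from the rendered form.
$legit = ['password' => 'new-secret', CSRF_FIELD => $token];
echo 'hardened handler, legitimate form:   ',
     update_admin_password($session, $legit, 'POST', $users) ? 'password changed' : 'rejected', PHP_EOL;
echo 'new password verifies:               ',
     password_verify('new-secret', $users['admin']) ? 'yes' : 'no', PHP_EOL;
```

Run it with `php example.php`. The token lives in the server-side session and is only ever disclosed inside the admin's own page, which is what a cross-origin attacker's page cannot read; that is the property the `rbacuser/update` action in EasyCMS 1.5 lacks. In a real deployment the same check belongs in a single place that every admin controller passes through, rather than being repeated per action.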