Wuzhi · Wuzhi Cms · CVE-2018-9926
**Name of the Vulnerable Software and Affected Versions**
WUZHI CMS version 4.1.0
**Description**
A CSRF issue was found that allows adding an admin account via the "index.php?m=core&f=power&v=add" endpoint.
**Recommendations**
For WUZHI CMS version 4.1.0, update to a newer version that contains a fix for this issue.