CVE-2018-14068

Name of the Vulnerable Software and Affected Versions SRCMS version 2.3.1

Description An issue in SRCMS allows for a CSRF vulnerability, enabling the addition of an admin account via the "admin.php?m=Admin&c=manager&a=add" API endpoint.

Recommendations For SRCMS version 2.3.1, as a temporary workaround, consider restricting access to the admin.php endpoint, specifically the add action, until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.