CVE-2018-18201

Name of the Vulnerable Software and Affected Versions qibosoft version 7.0

Description The issue allows for a CSRF attack, enabling an attacker to add a user account. This can be achieved through the "admin/index.php?lfj=member&action=addmember" API endpoint.

Recommendations For qibosoft version 7.0, consider implementing proper CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests to the "admin/index.php?lfj=member&action=addmember" endpoint. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation.