CVE-2018-7733

Name of the Vulnerable Software and Affected Versions: YxtCMF version 3.1

Description: An issue was discovered in YxtCMF, where the RbacController.class.php file is vulnerable to CSRF attacks. This allows an attacker to modify an administrator account via the "index.php/admin/user/add post.html" endpoint, potentially leading to unauthorized access and changes.

Recommendations: For YxtCMF version 3.1, consider implementing CSRF protection measures, such as token-based validation, to prevent unauthorized modifications to administrator accounts. As a temporary workaround, restrict access to the "index.php/admin/user/add post.html" endpoint to minimize the risk of exploitation.