CVE-2018-20780

Name of the Vulnerable Software and Affected Versions: Traq version 3.7.1

Description: The issue allows creation of an admin account through a CSRF attack, specifically by setting group id to 1, which designates an admin role. This can be exploited by tricking an administrator into performing an unintended action, resulting in the creation of a new admin account.

Recommendations: For version 3.7.1, as a temporary workaround, consider implementing CSRF protection measures to prevent unintended actions. Update to a version that includes a fix for this issue when available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.