CVE-2013-7473

Name of the Vulnerable Software and Affected Versions Windu CMS version 2.2

Description The issue allows for a Cross-Site Request Forgery (CSRF) attack via the "admin/users/?mn=admin.message.error" endpoint to add an admin account.

Recommendations For Windu CMS version 2.2, as a temporary workaround, consider restricting access to the "admin/users/" endpoint until a patch is available. Avoid using the "admin/users/?mn=admin.message.error" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.