CVE-2020-19264

Name of the Vulnerable Software and Affected Versions: MipCMS version 5.0.1

Description: A cross-site request forgery (CSRF) issue allows attackers to arbitrarily add users via the "index.php?s=/user/ApiAdminUser/itemAdd" API endpoint. This enables unauthorized access to add new users.

Recommendations: For MipCMS version 5.0.1, consider disabling the itemAdd function in the ApiAdminUser module until a patch is available to prevent exploitation of the CSRF issue. Restrict access to the "index.php?s=/user/ApiAdminUser/itemAdd" endpoint to minimize the risk of unauthorized user additions.