PT-2021-10512 · Opms · Opms

Published: 2021-12-22 · Updated: 2021-12-23 · CVE-2020-20595

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: OPMS versions 1.3 and below
Description: A cross-site request forgery (CSRF) issue in the "/user/add" API endpoint allows an attacker to add an arbitrary user account. The endpoint accepts the request on the strength of the victim's existing session alone, so a logged-in user who is tricked into submitting the request from another site unknowingly modifies the system.
Recommendations: For OPMS versions 1.3 and below, as a temporary workaround, consider restricting access to the "/user/add" API endpoint until a patch is available. Additionally, implement proper CSRF token validation (a per-session token embedded in the legitimate form and checked on every state-changing request) so that requests forged from other origins are rejected.
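The following is an added illustration of the recommended fix, not OPMS's own code. It models a "/user/add" handler twice: a vulnerable variant that trusts the session cookie alone, and a hardened variant that additionally checks the browser-supplied Origin/Referer header and a per-session synchronizer token. The request and session shapes, the allowed origin, and the user list are all constructed for the example.

```python
"""Synchronizer-token CSRF protection for a hypothetical /user/add handler.

Added example, not OPMS's code. Request/session shapes are constructed here.
"""
import hmac
import secrets

ALLOWED_ORIGIN = "https://opms.example"  # assumption: the application's own origin

SESSIONS = {}       # session id -> session data (stand-in for a real session store)
USERS = {"admin"}   # constructed starting user list


def new_session(user):
    """Create a session and bind a fresh random CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    """The token the server embeds in the legitimate 'add user' form for this session."""
    return SESSIONS[sid]["csrf_token"]


def _origin_ok(headers):
    """Accept only requests whose browser-set Origin/Referer names our own site.

    Browsers set these headers themselves; a page on another site cannot
    override them, so a mismatch is a reliable cross-site signal.
    """
    origin = headers.get("Origin")
    if origin is not None:
        return origin == ALLOWED_ORIGIN
    referer = headers.get("Referer")
    if referer is not None:
        return referer.startswith(ALLOWED_ORIGIN + "/")
    return False  # neither header present: fail closed


def _add_user(form):
    username = form.get("username", "").strip()
    if not username:
        return 400, "username required"
    USERS.add(username)
    return 200, f"user {username} added"


def handle_user_add_vulnerable(request):
    """Vulnerable pattern: any POST carrying a valid session cookie is honoured.

    A forged cross-site form submission carries the victim's cookie
    automatically, so this handler cannot tell it from a genuine one.
    """
    if request["method"] != "POST":
        return 405, "method not allowed"
    if SESSIONS.get(request["cookies"].get("session")) is None:
        return 401, "not authenticated"
    return _add_user(request["form"])


def handle_user_add_hardened(request):
    """Hardened pattern: session + Origin/Referer check + synchronizer token.

    request: {"method", "path", "headers", "cookies", "form"} (constructed shape).
    """
    if request["method"] != "POST":
        return 405, "method not allowed"
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401, "not authenticated"
    if not _origin_ok(request["headers"]):
        return 403, "cross-site request rejected"
    supplied = request["form"].get("csrf_token", "")
    # Constant-time comparison on bytes: no timing leak, and non-ASCII input
    # cannot raise a TypeError the way str comparison in compare_digest can.
    if not hmac.compare_digest(supplied.encode(), session["csrf_token"].encode()):
        return 403, "missing or invalid CSRF token"
    return _add_user(request["form"])


def make_request(sid, form, origin):
    """Build a constructed POST to /user/add as a browser would send it."""
    return {
        "method": "POST",
        "path": "/user/add",
        "headers": {"Origin": origin},
        "cookies": {"session": sid},
        "form": dict(form),
    }
```

The token must be unguessable (here `secrets.token_urlsafe`), bound to the session, and compared in constant time; the Origin/Referer check is a second, independent layer rather than a replacement for it, since some clients strip Referer. Restricting the endpoint, as the workaround above suggests, reduces exposure but does not remove the flaw for users who are still permitted to reach it.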

Exploit

Fix

CSRF


Weakness Enumeration

Related Identifiers: CVE-2020-20595

Affected Products: Opms