CVE-2020-21141

Name of the Vulnerable Software and Affected Versions: iCMS version 7.0.15

Description: The issue is related to a Cross-Site Request Forgery (CSRF) that can be exploited via the /admincp.php?app=members&do=add API endpoint. This allows for unauthorized actions to be performed on behalf of a user without their knowledge or consent.

Recommendations: For iCMS version 7.0.15, consider implementing proper CSRF token validation to prevent unauthorized requests to the /admincp.php?app=members&do=add endpoint. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.