CVE-2021-28070

Name of the Vulnerable Software and Affected Versions: PopojiCMS version 2.0.1

Description: A Cross Site Request Forgery (CSRF) issue exists, which can be exploited through the /po-admin/route.php?mod=user&act=multidelete API endpoint. This allows for potentially unauthorized actions on user accounts.

Recommendations: For PopojiCMS version 2.0.1, consider implementing proper CSRF token validation to prevent unauthorized requests to the /po-admin/route.php?mod=user&act=multidelete endpoint. As a temporary workaround, restrict access to this endpoint until a proper fix is applied.