Description
An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.
Remediation
References
https://gist.github.com/aaaahuia/f708c6c8a320e0f3afbb9247903c4670
Related Vulnerabilities
CVE-2021-39133 Vulnerability in maven package org.rundeck:rundeck
CVE-2020-8127 Vulnerability in maven package org.webjars.bower:reveal.js
CVE-2023-32314 Vulnerability in maven package org.webjars.npm:vm2
CVE-2022-41854 Vulnerability in maven package org.yaml:snakeyaml
CVE-2021-44667 Vulnerability in maven package com.alibaba.nacos:nacos-common