CVE-2020-19264 – A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to

A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers to arbitrarily add users via index.php?s=/user/ApiAdminUser/itemAdd.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19264

Reference (s):

• https://github.com/sansanyun/mipcms5/issues/4