CVE-2020-19268

A cross-site request forgery CSRF in index.php/Dswjcms/User/tfAdd of Dswjcms 1.6.4 allows authenticated attackers to arbitrarily add administrator users...