Cross site request forgery (csrf)

WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=addpost URI...

CVE-2018-10267

WTCMS 1.0 is affected by a CSRF vulnerability that allows an attacker to add an administrator account using the URI index.php?admin&m=user&a=add_post. Root cause: CSRF in the admin-user creation flow. Impact: attacker could elevate privileges by creating an admin account; no exploitation details ...