CVE-2020-36065
CVE-2020-36065 describes a cross-site request forgery (CSRF) vulnerability in FlyCms 1.0 that lets an attacker add arbitrary administrator accounts via the endpoint at system/admin/admin_save. The root cause is a CSRF weakness in the admin creation flow, enabling privilege escalation. Reported impac...
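A defender-side check for the behaviour described above, as an added example that is not part of the advisory or of FlyCms: it scans web access logs for POSTs to system/admin/admin_save whose Referer is missing or off-site. The combined log format, the host name cms.example.test and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not from the advisory): the site's own host name and log format.
TRUSTED_HOSTS = {"cms.example.test"}
ADMIN_SAVE = "/system/admin/admin_save"  # endpoint named in the advisory

# Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def classify(line):
    """Return None for unrelated lines, else (ip, timestamp, status, verdict)."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    path = urlsplit(m["target"]).path.rstrip("/")
    if not path.endswith(ADMIN_SAVE):  # endswith tolerates a context-path prefix
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        verdict = "no-referer"  # not proof: some clients strip Referer
    else:
        host = (urlsplit(referer).hostname or "").lower()
        verdict = "same-site" if host in TRUSTED_HOSTS else "cross-site"
    return (m["ip"], m["ts"], int(m["status"]), verdict)

def suspicious(lines):
    """Admin-creation requests that did not demonstrably start on the site itself."""
    hits = (classify(line) for line in lines)
    return [h for h in hits if h and h[3] != "same-site"]

# Constructed sample log lines (documentation IP ranges and example domains).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Jan/2021:10:01:02 +0000] "POST /system/admin/admin_save HTTP/1.1" 200 87 "https://cms.example.test/" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Jan/2021:10:04:31 +0000] "POST /system/admin/admin_save HTTP/1.1" 200 87 "https://forum.example.net/thread/42" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Jan/2021:10:05:00 +0000] "GET /index HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Jan/2021:10:06:12 +0000] "POST /system/admin/admin_save HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Jan/2021:10:07:45 +0000] "POST /system/admin/admin_save HTTP/1.1" 200 87 "https://cms.example.test.other.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious(SAMPLE_LOG):
        print(hit)
```

Each hit is worth correlating with the administrator accounts created around the same timestamp.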