CVE-2018-10127
XYHCMS 3.5 is affected by a CSRF vulnerability that allows an attacker to trigger index.php?g=Manage&m=Rbac&a=addUser to add an administrator account. This is documented in CVE-2018-10127 and reflected in Red Hat and CNVD entries, among others. The widely cited effect is unauthorized elevation of...
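As an added example (not from the CVE entry or from XYHCMS itself), the following Python scans web access logs for requests to the addUser route named above whose Referer is absent or points to another site, which is how a CSRF-triggered request typically appears. The hostname cms.example.test, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

SITE_HOST = "cms.example.test"  # assumption: hostname the CMS is served from
TARGET = {"g": "manage", "m": "rbac", "a": "adduser"}  # route named in the entry

# Combined log format: ip - user [time] "METHOD uri proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def is_add_user(uri):
    """True when the request targets index.php?g=Manage&m=Rbac&a=addUser (any parameter order)."""
    parts = urlsplit(uri)
    if not parts.path.lower().endswith("index.php"):
        return False
    qs = {k.lower(): v[-1].lower() for k, v in parse_qs(parts.query).items()}
    return all(qs.get(k) == v for k, v in TARGET.items())

def classify_referer(referer):
    if referer in ("", "-"):
        return "missing"
    host = (urlsplit(referer).hostname or "").lower()
    return "same-site" if host == SITE_HOST else "cross-site"

def suspicious_add_user(lines):
    """Return (timestamp, ip, referer class) for addUser requests not launched from the site itself."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_add_user(m["uri"]):
            continue
        origin = classify_referer(m["referer"])
        if origin != "same-site":
            hits.append((m["ts"], m["ip"], origin))
    return hits

# Constructed sample lines, not taken from a real server.
SAMPLE = [
    '198.51.100.7 - - [12/Apr/2018:10:01:02 +0000] "POST /index.php?g=Manage&m=Rbac&a=addUser HTTP/1.1" 200 512 "https://cms.example.test/index.php?g=Manage&m=Rbac&a=index" "Mozilla/5.0"',
    '203.0.113.20 - - [12/Apr/2018:10:05:40 +0000] "POST /index.php?g=Manage&m=Rbac&a=addUser HTTP/1.1" 200 498 "https://forum.example.net/thread/42" "Mozilla/5.0"',
    '203.0.113.21 - - [12/Apr/2018:10:09:13 +0000] "POST /index.php?a=addUser&g=Manage&m=Rbac HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '203.0.113.22 - - [12/Apr/2018:10:11:00 +0000] "GET /index.php?g=Home&m=Index&a=index HTTP/1.1" 200 9001 "https://forum.example.net/thread/42" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(suspicious_add_user(SAMPLE))
```

A missing Referer can also come from privacy settings, so treat those hits as leads to correlate with newly created administrator accounts rather than as proof. Log review does not replace the server-side fix of requiring an anti-CSRF token on the account-creation request.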