CVE-2018-10267
WTCMS 1.0 is affected by a CSRF vulnerability that allows an attacker to add an administrator account using the URI index.php?admin&m=user&a=add_post. Root cause: CSRF in the admin-user creation flow. Impact: attacker could elevate privileges by creating an admin account; no exploitation details ...