CVE-2018-14420
MetInfo 6.0.0 is vulnerable to Cross‑Site Request Forgery (CSRF) that allows an attacker to add a user account via a doaddsave action in admin/index.php (example URI: admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave). The root cause is CSRF protection absence for state-changing requests...