CVE-2018-14583
XYHCMS 3.5 is affected by a Cross-Site Request Forgery (CSRF) in the URL xyhai.php?s=/Auth/addUser, which can be used to add a background administrator account. The vulnerability is described across multiple sources as CVE-2018-14583. The provided connected documents confirm the affected componen...