CVE-2019-10888
UKcms v1.1.10 is affected by a cross-site request forgery (CSRF) vulnerability that can be exploited through admin.php/admin/role/add.html to add an administrator account. The issue stems from CSRF protection gaps on the role-management endpoint, enabling privilege escalation by creating an admin...