xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything.
[
{
"cpes": [
"cpe:2.3:a:mindskip:xzs-mysql:3.8:*:*:*:*:*:*:*"
],
"vendor": "mindskip",
"product": "xzs-mysql",
"versions": [
{
"status": "affected",
"version": "3.8"
}
],
"defaultStatus": "unknown"
}
]