2018-04-17 19:00:00
mitre
PUBLISHED
An issue was discovered in TuziCMS v2.0.6. There is a CSRF vulnerability that can add an admin account, as demonstrated by a history.pushState call.