2019-10-09 10:55:46
mitre
PUBLISHED
OTCMS v3.85 has CSRF in the admin/member_deal.php Admin Panel page, leading to creation of a new management group account, as demonstrated by superadmin.