2021-07-26 17:07:26
mitre
PUBLISHED
In RPCMS v1.8 and below, attackers can interact with API and change variable "role" to "admin" to achieve admin user registration.