CSRF add admin user

Description

Hello,
OsCMAX 2.5.3 suffers from a cross-site request forgery, which allows the attacker to add a user.
CWE-352

The attacker can send a link to the admin, so an admin user will be created.

Environment

None

Steps to reproduce

None

Status

Assignee

Michael Sasek

Reporter

g4k

Labels

None

Severity

Major

Components

Affects versions

Priority