[net.mingsoft:ms-mcms] Cross Site Request Forgery in Mingsoft MCMS

An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do.

Underground News