hkzj closed this issue 5 years ago
Hi, thanks for reporting this! I just pushed a commit that fixes this here, but I haven't pushed an update out yet because I want to go through to make sure there aren't others first.
Just pushed update 2.0.5 that fixes this. Thanks again for reporting it!
CVE-2018-16387 has been assigned for this issue.
After the administrator has logged in, open the following page. PoC: csrf.html (adds an admin)