CSRF Vulnerability in BEESCMS 4.0 Allows Addition of Arbitrary VIP Accounts

AV:N/AC:M/AU:N/C:P/I:P/A:P

BEESCMS 4.0 has a CSRF vulnerability to add arbitrary VIP accounts via the admin/admin_member.php?action=add&nav=add_web_user&admin_p_nav=user URI.

Learn more about our Web App Pen Testing.