Description
A Cross-Site Request Forgery (CSRF) vulnerability exists in KodExplorer that allows an attacker to create a new administrator user without authentication by tricking a logged-in admin into sending a malicious request.
The "X-CSRF-TOKEN" value sent in the header, and also in the cookie, is useless: the backend never validates or sanitizes it.
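The fix the report implies is for the backend to actually validate the token on every state-changing request. The following is an added example, not KodExplorer's own code (which is PHP): a server-side check, assuming the token is minted per session and returned to the client as both the X-CSRF-TOKEN cookie and the value the client echoes back in the X-CSRF-TOKEN header. A forged cross-site form post carries the cookie automatically but cannot set the custom header, so it is rejected; a token that is not bound to the session is rejected too.

```python
import hmac
import secrets
from typing import Mapping, Optional

CSRF_NAME = "X-CSRF-TOKEN"  # name used for both the cookie and the header, as on the page


def issue_csrf_token() -> str:
    """Mint an unguessable per-session token; the server stores it and sends it to the client."""
    return secrets.token_urlsafe(32)


def _header(headers: Mapping[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


def csrf_request_ok(headers: Mapping[str, str], cookies: Mapping[str, str],
                    session_token: Optional[str]) -> bool:
    """Accept only when header token, cookie token and the server-side session token all agree.

    Missing values fail closed; comparisons are constant-time so the check does not leak
    the stored token byte by byte. The server-side token is the real secret: without it an
    attacker who can set a cookie (e.g. from a sibling subdomain) could satisfy header==cookie.
    """
    header_token = _header(headers, CSRF_NAME)
    cookie_token = cookies.get(CSRF_NAME)
    if not header_token or not cookie_token or not session_token:
        return False
    return (hmac.compare_digest(header_token, cookie_token)
            and hmac.compare_digest(header_token, session_token))


def handle_add_user(headers: Mapping[str, str], cookies: Mapping[str, str],
                    session_token: Optional[str], role: str) -> int:
    """Hypothetical gate in front of a user-creation endpoint; returns an HTTP status code."""
    if not csrf_request_ok(headers, cookies, session_token):
        return 403  # refuse before touching any state
    # ... the real handler would create the user with `role` here ...
    return 200


if __name__ == "__main__":
    # Constructed sample: a legitimate admin request versus a forged one without the header.
    tok = issue_csrf_token()
    print(handle_add_user({"x-csrf-token": tok}, {CSRF_NAME: tok}, tok, "admin"))  # 200
    print(handle_add_user({}, {CSRF_NAME: tok}, tok, "admin"))                      # 403
```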