# Affected software: evo cms # Type of vulnerability: adding new admin (csrf) # URL: http://www.evo-german.com/ # Discovered by: Provensec # Website: http://www.provensec.com #version:EVO-CMS 2.1.0 # Proof of concept attacker was able to add new admin as there were no protection against csrf poc poc: