wellcms v2.2.0 has a vulnerability, Cross-site request forgery(CSRF)

version:2.2.0
position:Background - > manage users - > create users
![image](https://user-images.githubusercontent.com/60609675/180605647-be7b3ed5-4c69-4afb-813f-ef3c9f3925ad.png)
![image](https://user-images.githubusercontent.com/60609675/180605734-37112265-2247-448b-bacc-62a7f3579a10.png)
add a new users, and grab a package.
![image](https://user-images.githubusercontent.com/60609675/180605776-351a6054-0fe9-45dd-9ae7-0c6b58f025f6.png)
![image](https://user-images.githubusercontent.com/60609675/180605785-f11e939c-6c22-4f49-aa68-de31cb1f7e26.png)
use CSRF poc,and drop the package.
![image](https://user-images.githubusercontent.com/60609675/180605804-7b88acf0-0fc1-4e53-9e57-81e85a197005.png)
![image](https://user-images.githubusercontent.com/60609675/180605816-f27befd2-4808-400b-82e3-b83e70d5c847.png)
submit request.
![image](https://user-images.githubusercontent.com/60609675/180605831-8ba8d995-2995-479b-83c1-3f283494a161.png)
![image](https://user-images.githubusercontent.com/60609675/180605855-1822d302-c9c5-40fb-a4f0-f702fdfa2125.png)
success add a new user(administrator).
![image](https://user-images.githubusercontent.com/60609675/180605890-085168b8-eb1b-4d9f-8100-e3e8f2002f0a.png)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

wellcms v2.2.0 has a vulnerability, Cross-site request forgery(CSRF) #11

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development