CVE-2022-43340 Information

Description

A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.

Reference

https://github.com/zyx0814/dzzoffice https://github.com/zyx0814/dzzoffice/issues/223 http://dzzoffice.com