CVE-2018-12114by Jeremyin Security Bulletinson Posted on June 14, 2018 Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.