EmpireCMS 7.5 allows CSRF for adding a user account via an enews=AddUser action to e/admin/user/ListUser.php, a similar issue to CVE-2018-16339.Referenceshttps://github.com/w3irdo001/demo/blob/master/3.html
