A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows attackers to arbitrarily create user accounts and grant Administrator rights to regular users.Referenceshttps://github.com/zyx0814/dzzofficehttps://github.com/zyx0814/dzzoffice/issues/223