CVE-2018-12628

An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges.
Source: NIST
CVE-2018-12628