CSRF allows an attacker to make the admin add a HOST user, leading to takeover of the memos application
# Description
This vulnerability allows an attacker to make the admin submit a malicious request that creates a new user with any role.
# Proof of Concept
1. The attacker creates a malicious page containing the CSRF payload and uploads it to a server they control:
httpx://attacker.server/csrf.html
2. The attacker sends this link to the memos admin.
3. The memos admin clicks the link, which triggers the CSRF attack; a user with the HOST role under the attacker's control is created.
POC video: https://drive.google.com/file/d/1vUobMDZ3rzdbj-UfLU6-qiZD9ILqXDzK/view?usp=sharing
POC payload:
```html
//CSRF.html
```
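The server-side fix for the request described above, as an added example (not memos' own code): a Go middleware that rejects state-changing requests whose browser-set Origin (or Referer) does not match the application's own origin, so a page on attacker.server cannot create a HOST user even though the admin's session cookie is sent. The endpoint path, the form field names and the `https://memos.example` origin are assumptions.

```go
package main

import (
	"net/http"
	"net/url"
)

// Stand-in for the admin-only create-user endpoint the report describes (not
// memos' own code): it records "username:role" of every account that gets through.
func createUserHandler(created *[]string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		*created = append(*created, r.FormValue("username")+":"+r.FormValue("role"))
		w.WriteHeader(http.StatusCreated)
	})
}

// sameOrigin compares the browser-set Origin header (Referer as fallback) with
// the app's own origin. A page on attacker.server cannot forge these headers,
// so its auto-submitted request fails even though the admin's cookie rides along.
func sameOrigin(r *http.Request, allowed string) bool {
	src := r.Header.Get("Origin")
	if src == "" {
		ref, err := url.Parse(r.Header.Get("Referer"))
		if err != nil || ref.Host == "" {
			return false // no provenance at all: reject the state change
		}
		src = ref.Scheme + "://" + ref.Host
	}
	return src == allowed
}

// csrfGuard rejects state-changing requests that fail sameOrigin; GET/HEAD pass.
func csrfGuard(allowed string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodGet && r.Method != http.MethodHead && !sameOrigin(r, allowed) {
			http.Error(w, "cross-site request rejected", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() { // demo server; the origin value is an assumption
	var created []string
	http.Handle("/api/user", csrfGuard("https://memos.example", createUserHandler(&created)))
	http.ListenAndServe("127.0.0.1:8080", nil)
}
```

Pair this with `SameSite=Lax` or `Strict` on the session cookie as defence in depth; the origin check alone already blocks the auto-submitted form the report relies on.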