An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account.
{ "source": "CPE_STRING", "cpe": "cpe:2.3:a:popojicms:popojicms:2.0.1:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "2.0.1" }, { "last_affected": "2.0.1" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-18935.json"