CVE-2024-29401
xzs-mysql 3.8 is vulnerable to Insufficient Session Expiration, which allows attackers to use the session of a deleted admin to do anything.
More information : https://github.com/menghaining/PoC/blob/main/xzs-mysql/xzs-mysql%20–%20PoC.md