CVE-2019-11517 (wampserver)

WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner.
Source: NIST
CVE-2019-11517 (wampserver)