An issue exists in Joomla! prior to 3.8.13. com_installer actions do not have sufficient CSRF hardening in the backend.
joomla joomla!