flusity-CMS v2.33 exists to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php