Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding an administrator account via an add action to admin/accounts/add/.
archives.neohapsis.com/archives/bugtraq/2012-10/0096.html
packetstormsecurity.org/files/116433
packetstormsecurity.org/files/117460/Subrion-CMS-2.2.1-XSS-CSRF-SQL-Injection.html
secunia.com/advisories/51013
www.osvdb.org/85999
www.subrion.com/forums/announcements/934-subrion-2-2-3-open-source-cms-core-available.html
www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5106.php
exchange.xforce.ibmcloud.com/vulnerabilities/78469
exchange.xforce.ibmcloud.com/vulnerabilities/79469
www.htbridge.com/advisory/HTB23113