CVE-2010-2039
gpEasy CMS versions 1.6.2, 1.6.1 and earlier are vulnerable to Cross-site request forgery (CSRF) that lets remote attackers hijack administrator sessions via an Admin_Users action to index.php and create new admin users. Root cause: CSRF in the administrative user-creation flow, enabling unauthor...