CVE-2015-1583
ATutor LCMS 2.2 is affected by CSRF in two admin-facing endpoints (mods/_core/users/admins/create.php and mods/_core/users/create_user.php). The root cause is cross-site request forgery that allows an authenticated admin context to create either another administrator (super admin) or a new instru...