genix/cms is vulnerable to cross-site request forgery (CSRF). An improper fix to a previous vulnerability CVE-2015-2680 allows an attacker with any valid anti-CSRF tokens to perform a CSRF attack on another user and submit requests on behalf of the user.