Posted by Portcullis Advisories on Sep 25

Vulnerability title: Cross-Site Request Forgery In X2Engine Inc. X2Engine
CVE: CVE-2015-5075
Vendor: X2Engine Inc.
Product: X2Engine
Affected version: 4.2
Fixed version: 5.2
Reported by: Simone Quatrini
Details:

It was discovered that no protection against Cross-site Request Forgery attacks was implemented, resulting in an
attacker being able to able to force the creation of a new administrative account.

Further details at:…