Ltx-God

**Name of the Vulnerable Software and Affected Versions** Emlog versions 2.6.6 and earlier **Description** Emlog is an open source website building system. The `delete async` action lacks a call to `LoginAuth::checkToken()`, which allows for Cross-Site Request Forgery (CSRF) attacks. The vulnerable action is `delete async`. **Recommendations** Versions prior to 2.6.6 should be updated.