CVE-2014-8429

Name of the Vulnerable Software and Affected Versions XEpan CMS versions 1.0.4.1, 1.0.4, 1.0.1, and earlier

Description A cross-site request forgery issue allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the "owner/users" page.

Recommendations For versions 1.0.4.1, 1.0.4, 1.0.1, and earlier, consider implementing a token-based validation system to prevent cross-site request forgery attacks, and restrict access to the "owner/users" page to minimize the risk of exploitation.