CVE-2015-5075

Name of the Vulnerable Software and Affected Versions X2Engine X2CRM versions prior to 5.2

Description A cross-site request forgery issue allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to "index.php/users/create".

Recommendations For versions prior to 5.2, update to version 5.2 or later to resolve the issue.