Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code.
https://exchange.xforce.ibmcloud.com/vulnerabilities/49947
http://www.securityfocus.com/bid/34566
http://secunia.com/advisories/34744
http://razorcms.co.uk/support/viewtopic.php?f=13&t=325