Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts.
https://exchange.xforce.ibmcloud.com/vulnerabilities/74567
http://www.vulnerability-lab.com/get_content.php?id=487