HIGH
Cmsmadesimple
CVE published 2017-01-16
CVE-2016-7904
CVE-2016-7904 describes a cross-site request forgery (CSRF) issue in CMS Made Simple that affects versions through 2.1.5. The vulnerable flow involves admin/adduser.php, where an attacker can induce an authenticated administrator to submit a request that creates accounts. The vendor reference and CVE description indicate the issue is addressed in 2.1.6.