Limny CMS version 2.0 suffers from a cross site request forgery vulnerability that allows for a malicious attacker to have an administrator account created. Proof of concept code included.
9d7e9fbfc073fc42e11f8165efe7cb7c1b21309f2916937abe9248fe8878b6c6