Flyspray 0.9.9.6 - Cross-Site Request Forgery via Admin User Creation
Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to index.php.