xGB.php in xGB 2.0 does not require authentication for an admin edit action, which allows remote malicious users to make unspecified changes via an unknown series of steps.
xgb xgb 2.0