CSRF token bypass in GeniXCMS prior to 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token.
metalgenix genixcms