CVE-2017-9519by Jeremyin Security Bulletinson Posted on June 8, 2017 atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account.