source: http://www.securityfocus.com/bid/64735/info Built2Go PHP Shopping is prone to a cross-site request-forgery vulnerability. Exploiting the issue will allow a remote attacker to use a victim's currently active session to change the victim's password. Successful exploits will compromise affected computers.