Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action.Referenceshttp://packetstorm.linuxsecurity.com/0808-exploits/omcd-xssxsrf.txthttp://secunia.com/advisories/31719
