letodms 3.3.6 has CSRF via change passwordReferenceshttp://www.openwall.com/lists/oss-security/2012/08/31/19https://security-tracker.debian.org/tracker/CVE-2012-4385https://vulmon.com/exploitdetails?qidtp=EDB&qid=20759
