Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action.Referenceshttp://www.securityfocus.com/bid/99984https://github.com/curlyboi/hashtopus/issues/63
