qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI.Referenceshttp://packetstormsecurity.com/files/166630/qdPM-9.2-Cross-Site-Request-Forgery.htmlhttps://www.exploit-db.com/exploits/50854
