CSRF vulnerability in Otcms v3.85
Description:Otcms v3.85 have CSRF via Admin Panel lead to create new admin account
Use the Google Chrome open this test site.download this version（
http://d.otcms.com/php/OTCMS_PHP_V3.85.rar) and build a test site.And we can login in Admin Panel
1、Fake an html such as this.
2、Once the logged in user opens the URL the form will get submitted with active session of administrator and action get performed successfully.