CVE-2015-4659
ClickHeat 1.14 and earlier is affected by a CSRF vulnerability that allows remote attackers to hijack the administrator’s session and change the administrator password via a config action to index.php. The issue is described across multiple sources (NVD/CNVD et al.) as a cross-site request forger...