Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.
https://www.exploit-db.com/exploits/46739/
http://www.iwantacve.cn/index.php/archives/198/
http://packetstormsecurity.com/files/152604/Msvod-10-Cross-Site-Request-Forgery.html