Cross-site request forgery in WallacePOS 1.4.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a cr