From CSRF to Unauthorized Remote Admin Access