RE: PHP version changer
02-09-2016, 11:21 AM
(This post was last modified: 02-09-2016, 12:20 PM by ccr1969.)
Like I said, 3 of them are using Suhosin; PHP 7 is for testing.
And remember, the Sentora panel is secured with Suhosin, it is the default. The other versions run on the domains the user specifies them to run on, as in the example post:
domain1.com php 5.5
domain2.com php 7
and so on. Now, the Sentora panel is secured by its Suhosin patch. Also, there are other methods to secure a server, not just the ones mentioned.
Security is not just for panels but for all sites.
I hope that makes sense to you.
There are some security issues I am looking into:
Code:
Login Cross Site Request Forgery (CSRF/XSRF)
What does this mean?
The web site seems to be lacking a CSRF token on a login form.
What can happen?
An attacker can force an unsuspecting user to sign in to the attacker's account. What can be done from there depends on the application. Example: an attacker can force an unsuspecting user to log in to the attacker's account; when the user then buys something, the credit card is added to the attacker's account.
Summary
Entry  Found at                          CVSS
1      http://xxxxxxxx.tk/               6.2
2      http://xxxxxxxxxxxx.tk/index.php  6.2
3      https://xxxxxxxxx/                6.2
1. Login Cross Site Request Forgery (CSRF/XSRF)
Summary
Found at
http://xxxxxxxxx/
CVSS
6.2 of 10.0
Request Headers
GET / HTTP/1.1
Accept text/html, application/xhtml+xml, application/xml; q=0.9, image/webp, */*; q=0.8
User-Agent Mozilla/5.0 (compatible; Detectify)
Host xxxxxxxx.tk
Cache-Control no-store, no-cache
Pragma no-cache
Accept-Encoding gzip, deflate
Connection Keep-Alive
Response Headers
HTTP/1.1 200 OK
Pragma no-cache
Vary Accept-Encoding,User-Agent
Content-Encoding gzip
Keep-Alive timeout=15, max=150
Connection Keep-Alive
Content-Length 1860
Content-Type text/html; charset=UTF-8
Date Tue, 09 Feb 2016 01:50:17 GMT
Expires Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie PHPSESSID=xxxxxxxxxxxxxxxxxx; path=/
Server Apache/2.4.17 (Win32) mod_antiloris/0.6.0 mod_fcgid/2.3.9 OpenSSL/1.0.2e PHP/5.6.15
X-Powered-By PHP/5.6.15
Details
<form role="form" method="post" name="frmZForgot" id="frmZForgot" style="display: none;">
<div class="form-group">
<label for="inPassword">E-mail:</label>
<div class="input-group merged">
<span class="input-group-addon"><i class="icon-mail"></i></span>
<input type="text" class="form-control" id="inputEmail" name="inForgotPassword"
placeholder="Email" required="">
</div>
</div>
<div class="form-group text-right">
<a href="javascript:void(0);" id="backtologin">(Back To Login)</a>
</div>
<button type="submit" class="btn btn-primary pull-right btn-margin" name="sublogin2"
value="LogIn">Sign in</button>
<input type="hidden" name="csfr_token"
value="8uu3y7kcg7a4wfugv0uwltexarrjskydic9kzeuskcludf7ckp"> </form>
<form role="form" method="post" name="frmZLogin" id="frmZLogin">
<div class="form-group">
<label for="inputUsername">Username:</label>
<div class="input-group merged">
<span class="input-group-addon"><i class="icon-user-male"></i></span>
<input type="text" class="form-control" id="inputUsername" name="inUsername"
placeholder="Username" required="">
</div>
</div>
<div class="form-group">
<label for="inPassword">Password:</label>
<div class="input-group merged">
<span class="input-group-addon"><i class="icon-key-1"></i></span>
<input type="password" class="form-control" id="inPassword" name="inPassword"
placeholder="Password" required="">
</div>
</div>
<div class="form-group text-right">
<a href="javascript:void(0);" id="forgotpw">(forgot password)</a>
</div>
<div class="form-group">
<input type="checkbox" data-label="Remember Me" name="inRemember"
value="1">Remember me
</div>
<div class="form-group">
<input type="checkbox" data-label="Enable Session Security"
name="inSessionSecurity" checked="">Enable Session Security
</div>
<button type="submit" class="btn btn-primary pull-right btn-margin" name="sublogin2"
value="LogIn">Sign in</button>
<input type="hidden" name="csfr_token"
value="8uu3y7kcg7a4wfugv0uwltexarrjskydic9kzeuskcludf7ckp"> </form>
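The scanner finding above describes login CSRF: a cross-site POST that logs the victim into an account the attacker controls. The form in the report already carries a hidden `csfr_token` field, but a hidden field only mitigates the attack if the server binds it to the visitor's pre-login session and refuses any login POST whose token does not match. The following is an added example, not Sentora's code and not anything from the scan report, showing that server-side half in Python: a session object, a form renderer that issues a per-session token, and a login handler that checks the token in constant time before it looks at credentials and rotates the session id afterwards. The `Session` class, the `USERS` table, the passwords and the three simulated requests are constructed for the demo; only the field names (`csfr_token`, `inUsername`, `inPassword`) are taken from the form on the page.

```python
"""Added example (not Sentora's code): login handler whose CSRF token is
bound to the pre-login session, so a cross-site POST cannot sign the
victim in to an attacker-chosen account.  Session, USERS and the
simulated requests are assumptions constructed for this demo."""
import hmac
import secrets
from dataclasses import dataclass, field


# Constructed sample user table (plain-text passwords only for the demo).
USERS = {"alice": "correct horse", "attacker": "hunter2"}


@dataclass
class Session:
    """Server-side session; the browser sends its id automatically as a cookie,
    which is exactly why a login form needs a token the cookie alone cannot supply."""
    sid: str = field(default_factory=lambda: secrets.token_hex(16))
    data: dict = field(default_factory=dict)


def render_login_form(session: Session) -> dict:
    """Issue a fresh token, store it in THIS session, return the hidden fields."""
    token = secrets.token_urlsafe(32)
    session.data["csrf_token"] = token
    return {"csfr_token": token}  # field name as on the page's form


def handle_login(session: Session, post: dict) -> tuple:
    """Authenticate a POST to the login form; returns (ok, reason).
    The token check runs before the credentials are even looked at."""
    expected = session.data.get("csrf_token")
    supplied = post.get("csfr_token", "")
    # No token issued to this session, no/odd token in the POST, or mismatch: reject.
    if (not expected or not isinstance(supplied, str) or not supplied.isascii()
            or not hmac.compare_digest(expected, supplied)):
        return False, "csrf-token-mismatch"
    del session.data["csrf_token"]  # single use: a replayed form must refetch
    user = post.get("inUsername", "")
    if USERS.get(user) != post.get("inPassword", ""):
        return False, "bad-credentials"
    session.sid = secrets.token_hex(16)  # rotate id on privilege change
    session.data["user"] = user
    return True, "logged-in"


def simulate_login_csrf() -> dict:
    """Three constructed requests against one victim session."""
    victim = Session()
    render_login_form(victim)  # victim has visited the panel, token issued
    # 1. Cross-site auto-submitted form: attacker's credentials, no token.
    forged = {"inUsername": "attacker", "inPassword": "hunter2"}
    cross_site = handle_login(victim, forged)
    # 2. Attacker pastes a token from their OWN session into the forged form.
    attacker = Session()
    replay = handle_login(victim, {**forged, **render_login_form(attacker)})
    # 3. Legitimate same-session submission with the token the victim was given.
    fields = render_login_form(victim)
    legit = handle_login(victim, {**fields, "inUsername": "alice",
                                  "inPassword": "correct horse"})
    return {"cross_site": cross_site, "attacker_token": replay,
            "legit": legit, "user": victim.data.get("user")}


if __name__ == "__main__":
    for k, v in simulate_login_csrf().items():
        print(f"{k}: {v}")
```

The two rejected cases are the ones a scanner is probing for: a POST with no token, and a POST carrying a token that is valid somewhere but not in the victim's session. If either of those is accepted, the hidden field is decorative and the login CSRF finding stands regardless of what the HTML shows.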