CVE-2008-5565 Information

Description

Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin NewPass1 and NewPass2 parameters.

Reference

http://secunia.com/advisories/33038 http://securityreason.com/securityalert/4730 https://www.exploit-db.com/exploits/7365