CVE-2008-5568 Information

Description

Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the admin_id newpass_1 and newpass_2 parameters.

Reference

http://secunia.com/advisories/33039 http://securityreason.com/securityalert/4735 https://www.exploit-db.com/exploits/7364