Stphp · Stphp Easynews Pro · CVE-2007-3331
**Name of the Vulnerable Software and Affected Versions**
STphp EasyNews PRO version 4.0
**Description**
A cross-site request forgery (CSRF) issue allows remote attackers to change the admin password. This can be achieved via a certain HTML form that is posted automatically by JavaScript or through a news post.
**Recommendations**
For STphp EasyNews PRO version 4.0, consider disabling the ability to change the admin password via HTML forms posted by JavaScript or through news posts until a fix is available. Restrict access to admin password change functionality to minimize the risk of exploitation.