PT-2007-4608 · Stphp · Stphp Easynews Pro

The Crew

Published: 2007-06-21

Updated: 2017-07-29

CVE-2007-3331

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

STphp EasyNews PRO version 4.0

Description

A cross-site request forgery (CSRF) issue allows remote attackers to change the admin password. This can be achieved via a certain HTML form that is posted automatically by JavaScript or through a news post.

Recommendations

For STphp EasyNews PRO version 4.0, consider disabling the ability to change the admin password via HTML forms posted by JavaScript or through news posts until a fix is available. Restrict access to admin password change functionality to minimize the risk of exploitation.


Related identifiers

CVE-2007-3331

Affected products

Stphp Easynews Pro