CVE-2017-11679

Name of the Vulnerable Software and Affected Versions Hashtopus version 1.5g

Description A Cross-Site Request Forgery (CSRF) issue exists, allowing unauthorized actions via the password parameter to "admin.php" in an "a=config" action.

Recommendations For version 1.5g, consider restricting access to the "admin.php" endpoint to minimize the risk of exploitation, and avoid using the password parameter in this endpoint until the issue is resolved.