Aryan Bayaninejad

**Name of the Vulnerable Software and Affected Versions** Auto-Exchanger version 5.1.0 **Description** A cross-site request forgery issue allows remote attackers to hijack user authentication for requests that change passwords via a request to "signup.php". **Recommendations** For Auto-Exchanger version 5.1.0, consider implementing proper CSRF token validation to prevent unauthorized password changes. As a temporary workaround, restrict access to the "signup.php" endpoint to minimize the risk of exploitation.