Eight10

**Name of the Vulnerable Software and Affected Versions** EQdkp versions 1.3.1 and earlier **Description** The issue allows remote attackers to read or modify account names and passwords by spoofing the HTTP Referer header, which is used for administrative request authentication. **Recommendations** For EQdkp versions 1.3.1 and earlier, consider implementing proper authentication mechanisms that do not rely solely on the HTTP Referer header to verify administrative requests. As a temporary workaround, restrict access to administrative functions to minimize the risk of exploitation.