CVE-2008-5567

Bonza Cart < 1.10 - Cross-Site Request Forgery via Admin Password Change

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5567. PoCs published by G4N0K.

AI-analyzed exploit summary This exploit targets a vulnerability in Bonza Cart <= 1.10, allowing an attacker to change the admin password. The code contains an obfuscated payload that, when decoded and executed, likely performs the password change by exploiting an unspecified vulnerability in the software.

Description

Cross-site request forgery (CSRF) vulnerability in admin/ad_settings.php in Bonza Cart 1.10 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by G4N0K · phpwebappsphp
https://www.exploit-db.com/exploits/7366

This exploit targets a vulnerability in Bonza Cart <= 1.10, allowing an attacker to change the admin password. The code contains an obfuscated payload that, when decoded and executed, likely performs the password change by exploiting an unspecified vulnerability in the software.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Bonza Cart <= 1.10
No auth needed
Prerequisites: Access to the target Bonza Cart installation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7366
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4731
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33037

Scores

EPSS 0.0099
EPSS Percentile 58.0%

Details

CWE
CWE-352
Status published
Products (1)
bonzacart/bonza_cart < 1.10
Published Dec 15, 2008
Tracked Since Feb 18, 2026