CVE-2008-5568

IPN Pro 3 <1.44 - CSRF

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the admin_id, newpass_1, and newpass_2 parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by G4N0K · phpwebappsphp
https://www.exploit-db.com/exploits/7364

References (3)

Scores

EPSS 0.0045
EPSS Percentile 63.2%

Classification

CWE
CWE-352
Status draft

Affected Products (1)

ipn-mate/ipn_pro_3 < 1.44

Timeline

Published Dec 15, 2008
Tracked Since Feb 18, 2026