Cross-site request forgery (CSRF) vulnerability in admin/settings.php in DL PayCart 1.34 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters.
Vulnerable Product |
---|
dinkumsoft dl paycart 1.01 |
dinkumsoft dl paycart |
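
A detection check a defender could run over web server access logs for the request pattern in the description above. It is an added example, not part of the advisory or the product. It assumes the Apache/nginx combined log format and that the three parameters appear in the query string (POST bodies are not logged); the host `shop.example` and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters named in the advisory; all three together mean a credential change.
CRED_PARAMS = {"NewAdmin", "NewPass1", "NewPass2"}
TARGET_PATH = "admin/settings.php"

# Apache/nginx "combined" access log format (assumption).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample lines: same-site change, cross-site change, unrelated hit.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /shop/admin/settings.php?NewAdmin=a&NewPass1=b&NewPass2=b HTTP/1.1" 200 512 "https://shop.example/shop/admin/settings.php" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:05:40 +0000] "GET /shop/admin/settings.php?NewAdmin=x&NewPass1=y&NewPass2=y HTTP/1.1" 200 512 "http://other.example/page.html" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2024:10:06:00 +0000] "GET /shop/index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

def suspicious_requests(lines, site_host):
    """Return (timestamp, client_ip, referer) for credential-change requests
    to admin/settings.php whose Referer is missing or names another host."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse rather than guess
        url = urlsplit(m["url"])
        if not url.path.endswith("/" + TARGET_PATH):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if not CRED_PARAMS.issubset(params):
            continue  # not a password/admin-name change
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        if ref_host is None or ref_host.lower() != site_host.lower():
            hits.append((m["ts"], m["ip"], m["referer"]))
    return hits

if __name__ == "__main__":
    for ts, ip, referer in suspicious_requests(SAMPLE_LOG, "shop.example"):
        print(f"{ts} {ip} credential change with foreign/missing Referer: {referer}")
```

A hit is a lead for review, not proof: privacy settings can strip the Referer from legitimate requests, so correlate with whether the admin actually intended the change.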