CVE-2002-1648

Name of the Vulnerable Software and Affected Versions SquirrelMail versions prior to 1.2.3

Description A cross-site request forgery issue exists, allowing remote attackers to send email as other users. This is achieved via an IMG URL with modified send to and subject parameters.

Recommendations For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the compose.php module to minimize the risk of exploitation. Avoid using the send to and subject parameters in the affected module until the issue is resolved.