PT-2007-3908 · Squirrelmail+1 · Squirrelmail+1
Published
2007-05-11
·
Updated
2017-10-11
·
CVE-2007-2589
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
SquirrelMail versions 1.4.0 through 1.4.9a
Description
A cross-site request forgery (CSRF) issue in compose.php allows remote attackers to send emails as arbitrary users via certain data in the SRC attribute of an IMG element.
Recommendations
For SquirrelMail versions 1.4.0 through 1.4.9a, consider disabling the compose.php functionality until a patch is available to prevent exploitation of this issue. Restrict access to the affected compose.php module to minimize the risk of unauthorized email sending.
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat
Squirrelmail