PT-2012-5177 · Socketmail · Socketmail Pro
Published: 2012-07-25 · Updated: 2017-08-29 · CVE-2012-4059
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
SocketMail Pro version 2.2.9
Description
A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack user authentication for requests that modify security questions and answers. This is achieved via an upd action in the home/secretqtn.php file.
Recommendations
For SocketMail Pro version 2.2.9, consider disabling the upd action in the home/secretqtn.php file as a temporary workaround until a patch is available. Restrict access to the home/secretqtn.php file to minimize the risk of exploitation.
Exploit
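The mitigation class behind these recommendations, shown as an added illustration that is not SocketMail's code and not the vendor's patch: a hypothetical hardened upd action that accepts a security-question change only over POST and only with a valid per-session token. The session login check and the save_secret_question() stand-in are assumptions.

```php
<?php
// Added illustration of a CSRF-protected "upd" action for a security-question form.
// This is not SocketMail's code; the storage function below is a constructed stand-in.
session_start();

// Stand-in for the application's real persistence layer (assumed, not SocketMail's).
function save_secret_question(int $userId, string $question, string $answer): void {
    $_SESSION['secret_question'] = [
        'user' => $userId, 'q' => $question, 'a' => password_hash($answer, PASSWORD_DEFAULT),
    ];
}

function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit random, per session
    }
    return $_SESSION['csrf_token'];
}

function csrf_token_is_valid($submitted): bool {
    // Constant-time comparison; an absent session token or form token is always rejected.
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    exit('Login required');
}

if (($_GET['action'] ?? '') === 'upd') {
    // A cross-site page cannot read the per-session token, so requiring POST plus a
    // matching token means only a form served in this session can change the answer.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit('Method not allowed');
    }
    if (!csrf_token_is_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    save_secret_question((int) $_SESSION['user_id'], $_POST['question'] ?? '', $_POST['answer'] ?? '');
    exit('Security question updated');
}

// GET: render the form with the token as a hidden field so only same-session forms validate.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
echo '<form method="post" action="secretqtn.php?action=upd">'
   . '<input type="hidden" name="csrf_token" value="' . $token . '">'
   . '<input name="question"> <input name="answer">'
   . '<button type="submit">Update</button></form>';
```

Restricting access to home/secretqtn.php at the web server, as the advisory suggests, is a complementary control; the token check is what removes the CSRF itself.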
Fix
CSRF
Weakness Enumeration
Related identifiers
Affected products
Socketmail Pro