CVE-2019-12923

Name of the Vulnerable Software and Affected Versions MailEnable Enterprise Premium version 10.23

Description The issue allows an attacker to manipulate a user into performing unintended actions within the application, such as sending email, adding contacts, or changing settings. This is possible due to a flawed implementation of the cross-site request forgery (CSRF) protection mechanism, which can be bypassed by removing the anti-CSRF token parameter from the request.

Recommendations For MailEnable Enterprise Premium version 10.23, as a temporary workaround, consider implementing additional validation checks to ensure the presence and validity of the anti-CSRF token parameter in requests. Restrict access to sensitive actions within the application to minimize the risk of exploitation.