PT-2007-3908 · Squirrelmail+1 · Squirrelmail+1

Published

2007-05-11

Updated

2017-10-11

CVE-2007-2589

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions SquirrelMail versions 1.4.0 through 1.4.9a

Description A cross-site request forgery issue exists, allowing remote attackers to send emails from arbitrary users by manipulating certain data in the SRC attribute of an IMG element in compose.php.

Recommendations For SquirrelMail versions 1.4.0 through 1.4.9a, consider disabling the compose.php functionality until a patch is available to prevent exploitation of this issue. Restrict access to the affected compose.php module to minimize the risk of unauthorized email sending.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2007-2589

DSA-1290-1

RHSA-2007:0358

RHSA-2007_0358

Affected Products

Red Hat

Squirrelmail

PT-2007-3908 · Squirrelmail+1 · Squirrelmail+1

CVE-2007-2589

Weakness Enumeration

Related Identifiers

Affected Products

References · 21