PT-2012-5177 · Socketmail · Socketmail Pro
Published 2012-07-25 · Updated 2017-08-29 · CVE-2012-4059
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
SocketMail Pro version 2.2.9
Description
A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack user authentication for requests that modify security questions and answers. This is achieved via an upd action in the home/secretqtn.php file.
Recommendations
For SocketMail Pro version 2.2.9, consider disabling the upd action in the home/secretqtn.php file as a temporary workaround until a patch is available. Restrict access to the home/secretqtn.php file to minimize the risk of exploitation.
Exploit
Fix
CSRF
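The permanent fix for an issue of this class is to make the state-changing upd action verify that the request actually came from the application's own page, which the workaround above (disabling or restricting the action) only approximates. The following is an added example, not code from this advisory or from SocketMail; it models the security-question update as a small Python handler (Python rather than PHP so it runs stand-alone) and applies two standard CSRF defences: an Origin/Referer check and a per-session synchronizer token compared in constant time. SITE_ORIGIN, Session, Request, render_form, csrf_check, handle_secretqtn and the question/answer field names are all assumed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# Assumed origin of the webmail deployment (constructed value for this example).
SITE_ORIGIN = "https://mail.example.test"


@dataclass
class Session:
    """Server-side session state. The CSRF token lives here, bound to the session."""
    user: str
    secret_question: str = ""
    secret_answer: str = ""
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal model of an HTTP request to home/secretqtn.php (constructed for the example)."""
    method: str
    params: Dict[str, str]
    headers: Dict[str, str]
    session: Optional[Session]


def render_form(session: Session) -> Dict[str, str]:
    """Hidden fields the legitimate form carries: the action plus the session-bound token."""
    return {"action": "upd", "csrf_token": session.csrf_token}


def csrf_check(req: Request) -> Optional[str]:
    """Return None if a state-changing request is acceptable, else the rejection reason."""
    if req.session is None:
        return "not authenticated"
    if req.method != "POST":
        return "state change requires POST"

    # Defence 1: the browser sets Origin on cross-site POSTs and a third-party page cannot
    # forge it. Compare exactly; a prefix match would accept look-alike hosts.
    origin = req.headers.get("Origin")
    if origin is not None:
        if origin != SITE_ORIGIN:
            return "cross-site origin"
    else:
        # Fall back to Referer, which must be a URL under the site (trailing slash matters).
        referer = req.headers.get("Referer", "")
        if not referer.startswith(SITE_ORIGIN + "/"):
            return "cross-site origin"

    # Defence 2: synchronizer token. A cross-site page cannot read the victim's session
    # token, so a forged form cannot supply it. Constant-time comparison avoids timing leaks.
    token = req.params.get("csrf_token", "")
    if not hmac.compare_digest(token, req.session.csrf_token):
        return "missing or invalid CSRF token"
    return None


def handle_secretqtn(req: Request) -> str:
    """Hardened handler for the upd action: the update happens only after csrf_check passes."""
    if req.params.get("action") != "upd":
        return "400 unknown action"
    reason = csrf_check(req)
    if reason is not None:
        return f"403 rejected: {reason}"
    req.session.secret_question = req.params.get("question", "")
    req.session.secret_answer = req.params.get("answer", "")
    return "200 updated"


def demo():
    """A legitimate update succeeds; a forged cross-site POST riding the victim's session does not."""
    victim = Session(user="alice", secret_question="pet?", secret_answer="rex")

    form = render_form(victim)
    legit = Request("POST", {**form, "question": "city?", "answer": "oslo"},
                    {"Origin": SITE_ORIGIN}, victim)
    ok = handle_secretqtn(legit)

    # Forged request: the browser attaches the session automatically, but the attacker's page
    # cannot read the token and the browser reports the attacker's origin.
    forged = Request("POST", {"action": "upd", "question": "x?", "answer": "known"},
                     {"Origin": "https://attacker.example.test"}, victim)
    rejected = handle_secretqtn(forged)
    return ok, rejected, victim.secret_answer


if __name__ == "__main__":
    print(demo())
```

Either defence alone blocks the forged request here; keeping both means a Referer-stripping proxy or a token-handling bug does not silently reopen the endpoint. In a real PHP deployment the token would be stored in `$_SESSION` and emitted as a hidden field by the form that posts to home/secretqtn.php.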
Affected Products
Socketmail Pro