Unknown
CVE-2009-2964
Unknown
(0 users assessed)
Unknown
(0 users assessed)Unknown
Unknown
Unknown
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
- squirrelmail
Products
- squirrelmail,
- squirrelmail 0.1.1,
- squirrelmail 0.1.2,
- squirrelmail 1.0,
- squirrelmail 1.0.1,
- squirrelmail 1.0.2,
- squirrelmail 1.0.3,
- squirrelmail 1.0.4,
- squirrelmail 1.0.5,
- squirrelmail 1.0.6,
- squirrelmail 1.0pre1,
- squirrelmail 1.0pre2,
- squirrelmail 1.0pre3,
- squirrelmail 1.1.0,
- squirrelmail 1.1.1,
- squirrelmail 1.1.2,
- squirrelmail 1.1.3,
- squirrelmail 1.2,
- squirrelmail 1.2.0,
- squirrelmail 1.2.0 rc3,
- squirrelmail 1.2.1,
- squirrelmail 1.2.10,
- squirrelmail 1.2.11,
- squirrelmail 1.2.2,
- squirrelmail 1.2.3,
- squirrelmail 1.2.4,
- squirrelmail 1.2.5,
- squirrelmail 1.2.6,
- squirrelmail 1.2.6-rc1,
- squirrelmail 1.2.7,
- squirrelmail 1.2.8,
- squirrelmail 1.2.9,
- squirrelmail 1.3.0,
- squirrelmail 1.3.1,
- squirrelmail 1.3.2,
- squirrelmail 1.4,
- squirrelmail 1.4 rc1,
- squirrelmail 1.4.0,
- squirrelmail 1.4.0 rc1,
- squirrelmail 1.4.0 rc2a,
- squirrelmail 1.4.0-r1,
- squirrelmail 1.4.1,
- squirrelmail 1.4.10,
- squirrelmail 1.4.10a,
- squirrelmail 1.4.11,
- squirrelmail 1.4.12,
- squirrelmail 1.4.13,
- squirrelmail 1.4.15,
- squirrelmail 1.4.15 rc1,
- squirrelmail 1.4.15rc1,
- squirrelmail 1.4.16,
- squirrelmail 1.4.17,
- squirrelmail 1.4.18,
- squirrelmail 1.4.2,
- squirrelmail 1.4.2-r1,
- squirrelmail 1.4.2-r2,
- squirrelmail 1.4.2-r3,
- squirrelmail 1.4.2-r4,
- squirrelmail 1.4.2-r5,
- squirrelmail 1.4.3,
- squirrelmail 1.4.3 r3,
- squirrelmail 1.4.3 rc1,
- squirrelmail 1.4.3a,
- squirrelmail 1.4.3aa,
- squirrelmail 1.4.4,
- squirrelmail 1.4.4 rc1,
- squirrelmail 1.4.5,
- squirrelmail 1.4.5 rc1,
- squirrelmail 1.4.6,
- squirrelmail 1.4.6 cvs,
- squirrelmail 1.4.6 rc1,
- squirrelmail 1.4.7,
- squirrelmail 1.4.8,
- squirrelmail 1.4.8.4fc6,
- squirrelmail 1.4.9,
- squirrelmail 1.4.9a
References
Advisory
