4 matches found
CVE-2002-1648
Cross-site request forgery CSRF vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified sendto and subject parameters...
squirrelmail CSRF vulnerability
I. BACKGROUND SquirrelMail is a standards-based webmail package written in PHP. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 with no JavaScript required for maximum compatibility across browsers. It has very few requirements and is...
CVE-2002-1648
CVE-2002-1648 describes a CSRF vulnerability in SquirrelMail’s compose.php prior to version 1.2.3. An attacker can trigger a request via an IMG URL with manipulated send_to and subject parameters to send mail as another user, exploiting cookie-based authentication. Affected software: SquirrelMail...
CVE-2002-1648
Cross-site request forgery CSRF vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified sendto and subject parameters...