logo
DATABASE RESOURCES PRICING ABOUT US

Cross-site Request Forgery (CSRF)

Description

SquirrelMail is vulnerable to cross-site request forgery (CSRF). Form submissions in SquirrelMail did not implement protection against Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a user into visiting a malicious web page, the attacker could hijack that user's authentication, inject malicious content into that user's preferences, or possibly send mail without that user's permission.


Affected Software


CPE Name Name Version
squirrelmail 1.4.8__4.el5
squirrelmail 1.4.6__5.el3
squirrelmail 1.4.6__7.el4
squirrelmail 1.4.8__4.el3
squirrelmail 1.4.8__8.el3
squirrelmail 1.4.8__4.el4
squirrelmail 1.4.8__9.el3
squirrelmail 1.4.8__13.el3
squirrelmail 1.4.8__6.el3
squirrelmail 1.4.8__2.el3
squirrelmail 1.4.6__7.el3
squirrelmail 1.4.8__2.el4
squirrelmail 1.4.6__5.el4
squirrelmail 1.4.8__4.0.1.el4
squirrelmail 1.4.8__4.0.1.el5
squirrelmail 1.4.8__4.el5
squirrelmail 1.4.6__5.el3
squirrelmail 1.4.6__7.el4
squirrelmail 1.4.8__4.el3
squirrelmail 1.4.8__8.el3
squirrelmail 1.4.8__4.el4
squirrelmail 1.4.8__9.el3
squirrelmail 1.4.8__13.el3
squirrelmail 1.4.8__6.el3
squirrelmail 1.4.8__2.el3
squirrelmail 1.4.6__7.el3
squirrelmail 1.4.8__2.el4
squirrelmail 1.4.6__5.el4
squirrelmail 1.4.8__4.0.1.el4
squirrelmail 1.4.8__4.0.1.el5

Related