
Cross-site Request Forgery (CSRF)

Description

SquirrelMail is vulnerable to cross-site request forgery (CSRF). The SquirrelMail Empty Trash and Index Order pages did not protect against CSRF attacks. If a remote attacker could trick a user who was logged into SquirrelMail into visiting a specially crafted URL, the attacker could empty the victim's trash folder or alter the ordering of the columns on the message index page.


Affected Software


CPE Name Name Version
squirrelmail 1.4.8__5.el4_8.8
squirrelmail 1.4.8__4.el5
squirrelmail 1.4.6__7.el4
squirrelmail 1.4.8__4.el4
squirrelmail 1.4.8__5.el4_7.3
squirrelmail 1.4.8__5.el4_7.2
squirrelmail 1.4.8__2.el4
squirrelmail 1.4.8__5.el4_8.5
squirrelmail 1.4.6__5.el4
squirrelmail 1.4.8__4.0.1.el4
squirrelmail 1.4.8__4.0.1.el5
