Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.
| CVE ID | Name | Status | References |
|---|---|---|---|
| CVE-2007-0652 | Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag. |
Assigned (20070201) | BID:22554 | URL:http://www.securityfocus.com/bid/22554 | BUGTRAQ:20070214 Secunia Research: MailEnable Web Mail Client MultipleVulnerabilities | URL:http://www.securityfocus.com/archive/1/460063/100/0/threaded | MISC:http://secunia.com/secunia_research/2007-38/advisory/ | OSVDB:33191 | URL:http://osvdb.org/33191 | SECUNIA:23998 | URL:http://secunia.com/advisories/23998 | SREASON:2258 | URL:http://securityreason.com/securityalert/2258 | VUPEN:ADV-2007-0595 | URL:http://www.vupen.com/english/advisories/2007/0595 |
Page created: