What is the severity of CVE-2006-6701?

CVE-2006-6701 is considered a medium severity vulnerability due to its ability to allow unauthorized actions by remote attackers.

How do I fix CVE-2006-6701?

To fix CVE-2006-6701, upgrade to the latest version of Atmail WebMail that addresses the CSRF vulnerability.

What types of software are affected by CVE-2006-6701?

CVE-2006-6701 affects Atmail WebMail versions 3.0, 4.0, and 4.51.

What can an attacker do with CVE-2006-6701?

An attacker exploiting CVE-2006-6701 can modify settings and perform unauthorized actions as any user within the affected application.

Is CVE-2006-6701 easy to exploit?

CVE-2006-6701 can be easily exploited using CSRF attack techniques, such as embedding malicious URLs.

Vulnerability/
CVE-2006-6701

high

7.5

CWE

352

23/12/2006

9/4/2025

CVE-2006-6701: CSRF

First published: Sat Dec 23 2006(Updated: )

Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Jason Flatt Basic Webmail	=3.0
Jason Flatt Basic Webmail	=4.51
Jason Flatt Basic Webmail	=4.0
	=3.0
	=4.0
	=4.51

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-6701?
CVE-2006-6701 is considered a medium severity vulnerability due to its ability to allow unauthorized actions by remote attackers.
How do I fix CVE-2006-6701?
To fix CVE-2006-6701, upgrade to the latest version of Atmail WebMail that addresses the CSRF vulnerability.
What types of software are affected by CVE-2006-6701?
CVE-2006-6701 affects Atmail WebMail versions 3.0, 4.0, and 4.51.
What can an attacker do with CVE-2006-6701?
An attacker exploiting CVE-2006-6701 can modify settings and perform unauthorized actions as any user within the affected application.
Is CVE-2006-6701 easy to exploit?
CVE-2006-6701 can be easily exploited using CSRF attack techniques, such as embedding malicious URLs.

agent/references
agent/type
agent/first-publish-date
agent/weakness
agent/severity
agent/author
agent/description
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/source
agent/last-modified-date
agent/softwarecombine
agent/event
agent/tags
vendor/atmail
canonical/jason flatt basic webmail
version/jason flatt basic webmail/3.0
version/jason flatt basic webmail/4.51
version/jason flatt basic webmail/4.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.