First published: Sat Dec 23 2006(Updated: )
Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Atmail Atmail Webmail | =3.0 | |
Atmail Atmail Webmail | =4.51 | |
Atmail Atmail Webmail | =4.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.