CVE-2002-1648

Опубликовано: 31 дек. 2002

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html
Exploit
http://www.kb.cert.org/vuls/id/153043
US Government Resource
http://www.securityfocus.com/bid/3956
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/7989
http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html
Exploit
http://www.kb.cert.org/vuls/id/153043
US Government Resource
http://www.securityfocus.com/bid/3956
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/7989

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:squirrelmail:squirrelmail:1.2.2:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01268

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2002-1648

debian

почти 23 года назад

Cross-site request forgery (CSRF) vulnerability in compose.php in Squi ...

GHSA-777c-m2xj-3qhf

github

больше 3 лет назад