Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and previous versions, and NaSMail prior to 1.7, allow remote malicious users to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
squirrelmail squirrelmail 1.4.7 |
||
squirrelmail squirrelmail 1.4.6_rc1 |
||
squirrelmail squirrelmail 1.4.4 |
||
squirrelmail squirrelmail 1.4.3aa |
||
squirrelmail squirrelmail 1.4_rc1 |
||
squirrelmail squirrelmail 1.4 |
||
squirrelmail squirrelmail 1.4.6_cvs |
||
squirrelmail squirrelmail 1.4.6 |
||
squirrelmail squirrelmail 1.4.3a |
||
squirrelmail squirrelmail 1.4.3_rc1 |
||
squirrelmail squirrelmail 1.4.2-r4 |
||
squirrelmail squirrelmail 1.4.2-r3 |
||
squirrelmail squirrelmail 1.4.15 |
||
squirrelmail squirrelmail 1.4.12 |
||
squirrelmail squirrelmail 1.4.0 |
||
squirrelmail squirrelmail 1.2.9 |
||
squirrelmail squirrelmail 1.2.8 |
||
squirrelmail squirrelmail 1.2.11 |
||
squirrelmail squirrelmail 1.2.10 |
||
squirrelmail squirrelmail 1.1.2 |
||
squirrelmail squirrelmail 1.1.1 |
||
squirrelmail squirrelmail 1.0.4 |
||
squirrelmail squirrelmail 1.0.3 |
||
squirrelmail squirrelmail 1.4.13 |
||
squirrelmail squirrelmail |
||
squirrelmail squirrelmail 1.4.3 |
||
squirrelmail squirrelmail 1.4.2-r5 |
||
squirrelmail squirrelmail 1.4.16 |
||
squirrelmail squirrelmail 1.4.15_rc1 |
||
squirrelmail squirrelmail 1.4.0_rc2a |
||
squirrelmail squirrelmail 1.4.0_rc1 |
||
squirrelmail squirrelmail 1.3.1 |
||
squirrelmail squirrelmail 1.3.0 |
||
squirrelmail squirrelmail 1.2.4 |
||
squirrelmail squirrelmail 1.2.3 |
||
squirrelmail squirrelmail 1.2.2 |
||
squirrelmail squirrelmail 1.2 |
||
squirrelmail squirrelmail 1.1.3 |
||
squirrelmail squirrelmail 1.0.6 |
||
squirrelmail squirrelmail 1.0.5 |
||
squirrelmail squirrelmail 1.4.18 |
||
squirrelmail squirrelmail 1.4.15rc1 |
||
squirrelmail squirrelmail 1.4.8.4fc6 |
||
squirrelmail squirrelmail 1.4.8 |
||
squirrelmail squirrelmail 1.4.4_rc1 |
||
squirrelmail squirrelmail 1.4.2 |
||
squirrelmail squirrelmail 1.4.17 |
||
squirrelmail squirrelmail 1.4.10 |
||
squirrelmail squirrelmail 1.4.1 |
||
squirrelmail squirrelmail 1.3.2 |
||
squirrelmail squirrelmail 1.2.6 |
||
squirrelmail squirrelmail 1.2.5 |
||
squirrelmail squirrelmail 1.2.0 |
||
squirrelmail squirrelmail 1.0pre2 |
||
squirrelmail squirrelmail 1.0pre1 |
||
squirrelmail squirrelmail 1.0 |
||
squirrelmail squirrelmail 0.1.2 |
||
squirrelmail squirrelmail 0.1.1 |
||
squirrelmail squirrelmail 1.4.9a |
||
squirrelmail squirrelmail 1.4.9 |
||
squirrelmail squirrelmail 1.4.5_rc1 |
||
squirrelmail squirrelmail 1.4.5 |
||
squirrelmail squirrelmail 1.4.3_r3 |
||
squirrelmail squirrelmail 1.4.2-r2 |
||
squirrelmail squirrelmail 1.4.2-r1 |
||
squirrelmail squirrelmail 1.4.11 |
||
squirrelmail squirrelmail 1.4.10a |
||
squirrelmail squirrelmail 1.4.0-r1 |
||
squirrelmail squirrelmail 1.2.7 |
||
squirrelmail squirrelmail 1.2.6-rc1 |
||
squirrelmail squirrelmail 1.2.1 |
||
squirrelmail squirrelmail 1.2.0_rc3 |
||
squirrelmail squirrelmail 1.1.0 |
||
squirrelmail squirrelmail 1.0pre3 |
||
squirrelmail squirrelmail 1.0.2 |
||
squirrelmail squirrelmail 1.0.1 |
Vulmon