Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail 1.4.0 through 1.4.9a allows remote attackers to send e-mails from arbitrary users via certain data in the SRC attribute of an IMG element.
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Squirrelmail | Squirrelmail | 1.4.0 (including) | 1.4.0 (including) |
Squirrelmail | Squirrelmail | 1.4.1 (including) | 1.4.1 (including) |
Squirrelmail | Squirrelmail | 1.4.2 (including) | 1.4.2 (including) |
Squirrelmail | Squirrelmail | 1.4.3 (including) | 1.4.3 (including) |
Squirrelmail | Squirrelmail | 1.4.3_r3 (including) | 1.4.3_r3 (including) |
Squirrelmail | Squirrelmail | 1.4.3_rc1 (including) | 1.4.3_rc1 (including) |
Squirrelmail | Squirrelmail | 1.4.3a (including) | 1.4.3a (including) |
Squirrelmail | Squirrelmail | 1.4.3aa (including) | 1.4.3aa (including) |
Squirrelmail | Squirrelmail | 1.4.4 (including) | 1.4.4 (including) |
Squirrelmail | Squirrelmail | 1.4.4_rc1 (including) | 1.4.4_rc1 (including) |
Squirrelmail | Squirrelmail | 1.4.5 (including) | 1.4.5 (including) |
Squirrelmail | Squirrelmail | 1.4.6 (including) | 1.4.6 (including) |
Squirrelmail | Squirrelmail | 1.4.6_cvs (including) | 1.4.6_cvs (including) |
Squirrelmail | Squirrelmail | 1.4.6_rc1 (including) | 1.4.6_rc1 (including) |
Squirrelmail | Squirrelmail | 1.4.7 (including) | 1.4.7 (including) |
Squirrelmail | Squirrelmail | 1.4.8 (including) | 1.4.8 (including) |
Squirrelmail | Squirrelmail | 1.4.9 (including) | 1.4.9 (including) |
Squirrelmail | Squirrelmail | 1.4.9a (including) | 1.4.9a (including) |