Vulnerabilities > CVE-2002-1648 - Unspecified vulnerability in Squirrelmail 1.2.2

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
squirrelmail

Summary

Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters.

Vulnerable Configurations

Part Description Count
Application
Squirrelmail
1

Statements

contributorMark J Cox
lastmodified2006-08-30
organizationRed Hat
statementNot vulnerable. This issue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4.