CVE-2009-2964

SquirrelMail < 1.4.19 - Cross-Site Request Forgery via Multiple Endpoints

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.

References (29)

Core 29
Core References
Various Sources x_refsource_confirm
https://gna.org/forum/forum.php?forum_id=2146
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52406
Patch, Vendor Advisory x_refsource_confirm
http://www.squirrelmail.org/security/issue/2009-08-12
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2262
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1481
Various Sources x_refsource_confirm
http://download.gna.org/nasmail/nasmail-1.7.zip
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN30881447/index.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34627
Issue Tracking x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543818
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-2091
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:222
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4188
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10668
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40220
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/60469
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40964
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2080
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36196
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37415
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36363
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3315
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/57001
Third Party Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002207.html

Scores

EPSS 0.0152
EPSS Percentile 71.6%

Details

CWE
CWE-352
Status published
Products (46)
squirrelmail/squirrelmail 0.1.1
squirrelmail/squirrelmail 0.1.2
squirrelmail/squirrelmail 1.0
squirrelmail/squirrelmail 1.0.1
squirrelmail/squirrelmail 1.0.2
squirrelmail/squirrelmail 1.0.3
squirrelmail/squirrelmail 1.0.4
squirrelmail/squirrelmail 1.0.5
squirrelmail/squirrelmail 1.0.6
squirrelmail/squirrelmail 1.0pre1
... and 36 more
Published Aug 25, 2009
Tracked Since Feb 18, 2026