CVE-2012-4059
SocketMail Pro 2.2.9 - Cross-Site Request Forgery via Secret Question Update
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user security questions and answers via an upd action.
References (3)
Core 3
Core References
Exploit x_refsource_misc
http://packetstormsecurity.org/files/112090/SocketMail-Pro-2.2.9-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75114
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/81531
Scores
EPSS
0.0069
EPSS Percentile
48.6%
Details
CWE
CWE-352
Status
published
Products (1)
socketmail/socketmail
2.2.9
Published
Jul 25, 2012
Tracked Since
Feb 18, 2026