CVE-2013-6028

Atmail < 7.2 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts, (2) modify user accounts, (3) delete user accounts, or (4) stop the product's service.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101936
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/204950
Various Sources x_refsource_confirm
http://atmail.com/changelog/

Scores

EPSS 0.0083
EPSS Percentile 53.1%

Details

CWE
CWE-352
Status published
Products (32)
atmail/atmail 6.3.0
atmail/atmail 6.3.1
atmail/atmail 6.3.2
atmail/atmail 6.3.3
atmail/atmail 6.3.4
atmail/atmail 6.3.5
atmail/atmail 6.3.6
atmail/atmail 6.4.0
atmail/atmail 6.4.1
atmail/atmail 6.4.2
... and 22 more
Published Jan 12, 2014
Tracked Since Feb 18, 2026