CVE-2014-3896

Seeds acmailer <3.8.17, <3.9.10 - CSRF

Title source: llm
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting authorization.

References (3)

Core 3
Core References
Exploit, Vendor Advisory x_refsource_confirm
http://www.acmailer.jp/info/de.cgi?id=52
Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000089
Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN42511610/index.html

Scores

EPSS 0.0092
EPSS Percentile 56.2%

Details

CWE
CWE-352
Status published
Products (1)
seeds/acmailer 3.8.0 - 3.8.17
Published Jul 29, 2014
Tracked Since Feb 18, 2026