Description
Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting authorization.
References (3)
Core 3
Core References
Exploit, Vendor Advisory x_refsource_confirm
http://www.acmailer.jp/info/de.cgi?id=52
Third Party Advisory, VDB Entry third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000089
Third Party Advisory, VDB Entry third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN42511610/index.html
Scores
EPSS
0.0092
EPSS Percentile
56.2%
Details
CWE
CWE-352
Status
published
Products (1)
seeds/acmailer
3.8.0 - 3.8.17
Published
Jul 29, 2014
Tracked Since
Feb 18, 2026