CVE-2018-6563

HIGH

totemo encryption_gateway < 6.0.0 - Cross-Site Request Forgery


Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-6563. PoCs published by Compass Security.

AI-analyzed exploit summary

This is a working proof-of-concept for a CSRF vulnerability in totemomail Encryption Gateway. It demonstrates how an attacker can craft a malicious web page to execute unauthorized actions on behalf of a logged-in user by replaying a sequence of requests.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1) change user settings, (2) send emails, or (3) change contact information by leveraging lack of an anti-CSRF token.

Exploits (1)

exploitdb WORKING POC
by Compass Security · htmlwebappsasp
https://www.exploit-db.com/exploits/44631


Classification
Working Poc 95%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: totemomail Encryption Gateway 6.0.0_Build_371 (version as given in the Exploit-DB title; the CVE description lists builds before 6.0.0_Build_371 as affected)
Auth required: the victim's authenticated webmail session only; the attacker needs no credentials (CVSS PR:N, UI:R)
Prerequisites: Victim must be logged into the totemomail webmail interface · Attacker must craft a malicious web page and trick the victim into visiting it
devstral-2 · analyzed Feb 16, 2026

References (4)

Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq)
http://www.securityfocus.com/archive/1/542015/100/0/threaded

Exploit, Third Party Advisory, VDB Entry (exploit, x_refsource_exploit-db)
https://www.exploit-db.com/exploits/44631/

Scores

CVSS v3 8.8
EPSS 0.0010
EPSS Percentile 27.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
totemo/encryption_gateway < 6.0.0
Published Jun 20, 2018
Tracked Since Feb 18, 2026