Description
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.citadel.org/
Exploit, Vendor Advisory x_refsource_misc
http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834
Scores
CVSS v3
6.5
EPSS
0.0016
EPSS Percentile
36.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-639
Status
published
Products (1)
citadel/webcit
< 926
Published
Oct 28, 2020
Tracked Since
Feb 18, 2026