Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2012-4059
Last Modified: 30 Jul 2012 12:00:00
Published: 25 Jul 2012 05:55:03
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-4059

Summary

Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user security questions and answers via an upd action.

Vulnerable Systems

Application

  • Socketmail 2.2.9


References

XF - socketmailpro-secretqtn-csrf(75114)

OSVDB - 81531

MISC - http://packetstormsecurity.org/files/112090/SocketMail-Pro-2.2.9-Cross-Site-Request-Forgery-Cross-Site-Scripting.html


Last Updated: 27 May 2016 10:57:34