Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting authorization.
References
Link | Resource |
---|---|
http://jvn.jp/en/jp/JVN42511610/index.html | Third Party Advisory VDB Entry |
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000089 | Third Party Advisory VDB Entry |
http://www.acmailer.jp/info/de.cgi?id=52 | Exploit Vendor Advisory |
http://jvn.jp/en/jp/JVN42511610/index.html | Third Party Advisory VDB Entry |
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000089 | Third Party Advisory VDB Entry |
http://www.acmailer.jp/info/de.cgi?id=52 | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:09
Type | Values Removed | Values Added |
---|---|---|
References | () http://jvn.jp/en/jp/JVN42511610/index.html - Third Party Advisory, VDB Entry | |
References | () http://jvndb.jvn.jp/jvndb/JVNDB-2014-000089 - Third Party Advisory, VDB Entry | |
References | () http://www.acmailer.jp/info/de.cgi?id=52 - Exploit, Vendor Advisory |
Information
Published : 2014-07-29 20:55
Updated : 2024-11-21 02:09
NVD link : CVE-2014-3896
Mitre link : CVE-2014-3896
CVE.ORG link : CVE-2014-3896
JSON object : View
Products Affected
seeds
- acmailer
CWE
CWE-352
Cross-Site Request Forgery (CSRF)