CVE-2019-9883
N/A
N/A
Summary
Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to elevate privilege of specific account via useradmin/cf_new.cgi?chief=&wk_group=full&cf_name=test&cf_account=test&cf_email=&cf_acl=Management&apply_lang=&dn= without any authorizes.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| OAKlouds | MailSherlock MSR35 | iSherlock-base < 1.5-328 | affected |
| OAKlouds | MailSherlock MSR35 | iSherlock-useradmin < 1.5-239 | affected |
| OAKlouds | MailSherlock MSR35 | iSherlock-sysinfo < 1.5-196 | affected |
| OAKlouds | MailSherlock MSR35 | iSherlock-user < 1.5-127 | affected |
| OAKlouds | MailSherlock MSR45 | iSherlock-base < 4.5-206 | affected |
| OAKlouds | MailSherlock MSR45 | iSherlock-useradmin < 4.5-106 | affected |
| OAKlouds | MailSherlock MSR45 | iSherlock-sysinfo < 4.5-109 | affected |
| OAKlouds | MailSherlock MSR45 | iSherlock-user < 4.5-81 | affected |
Weaknesses
- CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.