VULHUB ™

CVE(CAN) ID: CVE-2009-2964 SquirrelMail是一款PHP编写的WEBMAIL程序。 SquirrelMail没有正确地过滤用户向多个表单（发送消息、更改偏好等）所提交的内容，远程攻击者可以通过跨站请求伪造攻击执行删除邮件、发送邮件等操作。以下是受影响的页面： functions/mailbox_display.php src/addrbook_search_html.php src/addressbook.php src/compose.php src/folders.php src/folders_create.php src/folders_delete.php src/folders_rename_do.php src/folders_rename_getname.php src/folders_subscribe.php src/move_messages.php src/options.php src/options_highlight.php src/options_identities.php src/options_order.php src/search.php src/vcard.php SquirrelMail <= 1.4.19 厂商补丁： SquirrelMail ------------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13818

CVE(CAN) ID: CVE-2009-2964 SquirrelMail是一款PHP编写的WEBMAIL程序。 SquirrelMail没有正确地过滤用户向多个表单（发送消息、更改偏好等）所提交的内容，远程攻击者可以通过跨站请求伪造攻击执行删除邮件、发送邮件等操作。以下是受影响的页面： functions/mailbox_display.php src/addrbook_search_html.php src/addressbook.php src/compose.php src/folders.php src/folders_create.php src/folders_delete.php src/folders_rename_do.php src/folders_rename_getname.php src/folders_subscribe.php src/move_messages.php src/options.php src/options_highlight.php src/options_identities.php src/options_order.php src/search.php src/vcard.php SquirrelMail <= 1.4.19 厂商补丁： SquirrelMail ------------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13818