CVE-2019-9882

CVE-2019-9882: Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist.

Vendor Oaklouds

Product MailSherlock MSR35

Weakness CWE-352 · CSRF

Published June 3, 2019

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&new=hacker@socialengineering.com&new_memo=&add=%E6%96%B0%E5%A2%9E without any authorizes.

Key dates

02Disclosure timeline

June 3, 2019 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-9882 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

Identifiers

CVE CVE-2019-9882

CWE CWE-352

Affected versions

Vendor Oaklouds

Product MailSherlock MSR35

Affected ≥ iSherlock-base and < 1.5-328

Vendor Oaklouds

Product MailSherlock MSR35

Affected ≥ iSherlock-useradmin and < 1.5-239

Vendor Oaklouds

Product MailSherlock MSR35

Affected ≥ iSherlock-sysinfo and < 1.5-196

Vendor Oaklouds

Product MailSherlock MSR35

Affected ≥ iSherlock-user and < 1.5-127

Vendor Oaklouds

Product MailSherlock MSR45

Affected ≥ iSherlock-base and < 4.5-206

Vendor Oaklouds

Product MailSherlock MSR45

Affected ≥ iSherlock-useradmin and < 4.5-106

Vendor Oaklouds

Product MailSherlock MSR45

Affected ≥ iSherlock-sysinfo and < 4.5-109

Vendor Oaklouds

Product MailSherlock MSR45

Affected ≥ iSherlock-user and < 4.5-81

CVE-2019-9882: Multi modules of MailSherlock MSR35 and MSR45 lead to a CSRF vulnerability. It allows attacker to add malicious email sources into whitelist.

01Description

02Disclosure timeline

03References

04Related CVE