opensolutions/vimbadmin is susceptible to multiple cross-site request forgery (CSRF) vulnerabilities. The vulnerabilities are possible because of flaws in the addAction() method in the DomainController, MailboxController, ArchiveController and AliasController files and the purgeAction() method in the DomainController and MailboxController files. An attacker can delete an administrator, update an administrator’s password, delete a mailbox address, force the archival of a mailbox address, and remove mailbox and alias addresses.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | opensolutions/vimbadmin | le | 3.0.15 |
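
A log review for the issue described above, added here as an example and not code from ViMbAdmin or from the advisory: it scans web-server access logs for requests to the listed add/purge actions that were not referred by the admin site itself. The `/<controller>/<action>` URL layout, the host name `mail.example.com` and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Controller -> actions named in the advisory above.
SENSITIVE = {"domain": {"add", "purge"}, "mailbox": {"add", "purge"},
             "archive": {"add"}, "alias": {"add"}}

# Apache/nginx "combined" format: ip - user [time] "METHOD path proto" status size "referer" ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" '
                     r'\d{3} \S+ "(?P<referer>[^"]*)"')

# Constructed sample lines (documentation addresses and example domains).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /domain/list HTTP/1.1" 200 5120 "https://mail.example.com/" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /mailbox/purge HTTP/1.1" 302 0 "https://mail.example.com/mailbox/list" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:02:11 +0000] "GET /domain/purge HTTP/1.1" 302 0 "https://forum.example.net/thread/9" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:02:12 +0000] "POST /vimbadmin/alias/add HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]

def sensitive_action(path):
    """Return (controller, action) when the path reaches a listed action, else None."""
    parts = [p for p in urlsplit(path).path.lower().split("/") if p]
    # Assumption: routes look like [/base]/<controller>/<action>[/...].
    for ctrl, act in zip(parts, parts[1:]):
        if act in SENSITIVE.get(ctrl, ()):
            return ctrl, act
    return None

def review(lines, trusted_host):
    """List (client ip, controller/action, reason) for requests not referred by trusted_host."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        hit = sensitive_action(m["path"]) if m else None
        if hit is None:
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or an empty value
        if ref_host == trusted_host.lower():
            continue  # same-site navigation inside the admin interface
        reason = "no referer" if ref_host is None else f"cross-site referer {ref_host}"
        findings.append((m["ip"], "/".join(hit), reason))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, "mail.example.com"):
        print(finding)
```

A missing Referer is common under strict referrer policies, so treat those hits as leads to correlate with the administrator's session activity, not as proof of a forged request.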