CSRF Vulnerability in MailSherlock MSR35 and MSR45 Allows Unauthorized Addition of Malicious Email Sources to Whitelist

CVE-2019-9882 · MEDIUM Severity

AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple modules of MailSherlock MSR35 and MSR45 are affected by a CSRF vulnerability. It allows an attacker to add malicious email sources to the whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&new=hacker@socialengineering.com&new_memo=&add=%E6%96%B0%E5%A2%9E without any authorization.
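
Whitelist additions made this way can be triaged from the web access log. The following is an added example, not part of the advisory or the vendor's code: it flags whitelist-add requests to user/save_list.php whose Referer is missing or names another host. The combined log format, the host name mail.example.test and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" log format (assumed; adjust to the appliance's real format).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)
BASE = "/user/save_list.php?ACSION=&type=email&locate=big5&cmd=add&new_memo="

# Constructed sample lines (not real traffic).
SAMPLE = [
    f'198.51.100.7 - - [12/Mar/2019:10:01:22 +0800] "GET {BASE}&category=white&new=a%40example.org HTTP/1.1" 200 512 "https://mail.example.test/user/list.php" "Mozilla/5.0"',
    f'198.51.100.7 - - [12/Mar/2019:10:05:40 +0800] "GET {BASE}&category=white&new=b%40example.net HTTP/1.1" 200 512 "https://forum.example.com/thread/42" "Mozilla/5.0"',
    f'198.51.100.9 - - [12/Mar/2019:10:06:02 +0800] "GET {BASE}&category=white&new=c%40example.net HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    f'198.51.100.9 - - [12/Mar/2019:10:07:00 +0800] "GET {BASE}&category=black&new=d%40example.net HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

def whitelist_add_findings(lines, trusted_host):
    """Return whitelist additions whose Referer is missing or names another host."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        url = urlsplit(m["target"])
        if not url.path.endswith("/user/save_list.php"):
            continue
        q = parse_qs(url.query, keep_blank_values=True)
        # Parameters taken from the advisory's request: cmd=add, category=white.
        if q.get("cmd") != ["add"] or q.get("category") != ["white"]:
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        if ref_host != trusted_host:
            findings.append({
                "time": m["ts"],
                "client": m["ip"],
                "added": q.get("new", [""])[0],
                "referer": m["referer"],
            })
    return findings

if __name__ == "__main__":
    for f in whitelist_add_findings(SAMPLE, "mail.example.test"):
        print(f)
```

A missing Referer also occurs with privacy-hardened browsers, so treat hits as leads to compare against the whitelist contents rather than as confirmed abuse.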