CVE-2014-3896

Published: Jul 29, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting authorization.

Affected (2)

Products: Seeds: Acmailer

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Seeds Acmailer	From 3.8.0 to 3.8.17
Seeds Acmailer	From 3.9.0 to 3.9.10

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://jvn.jp/en/jp/JVN42511610/index.html

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB Entry

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000089

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB Entry

http://www.acmailer.jp/info/de.cgi?id=52

Source: vultures@jpcert.or.jp

ExploitVendor Advisory

http://jvn.jp/en/jp/JVN42511610/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://jvndb.jvn.jp/jvndb/JVNDB-2014-000089

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.acmailer.jp/info/de.cgi?id=52

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

Timeline

No history available yet.