Vulnerability Description
Multiple modules of MailSherlock MSR35 and MSR45 contain a CSRF vulnerability. It allows an attacker to add malicious email sources to the whitelist via user/save_list.php?ACSION=&type=email&category=white&locate=big5&cmd=add&[email protected]&new_memo=&add=%E6%96%B0%E5%A2%9E without any authorization.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hgiga | Msr35 Isherlock-Base | < 1.5.328 |
| Hgiga | Msr35 Isherlock-Sysinfo | < 1.5.196 |
| Hgiga | Msr35 Isherlock-User | < 1.5.127 |
| Hgiga | Msr35 Isherlock-Useradmin | < 1.5.239 |
| Hgiga | Msr45 Isherlock-Base | < 4.5-206 |
| Hgiga | Msr45 Isherlock-Sysinfo | < 4.5-109 |
| Hgiga | Msr45 Isherlock-User | < 4.5-81 |
| Hgiga | Msr45 Isherlock-Useradmin | < 4.5-106 |
Related Weaknesses (CWE)
References
- http://surl.twcert.org.tw/MtWeJ (Exploit, Third Party Advisory)
- https://tvn.twcert.org.tw/taiwanvn/TVN-201904002 (Exploit, Third Party Advisory)
FAQ
What is CVE-2019-9882?
CVE-2019-9882 is a vulnerability with a CVSS score of 8.8 (HIGH). Multiple modules of MailSherlock MSR35 and MSR45 contain a CSRF vulnerability. It allows an attacker to add malicious email sources to the whitelist via user/save_list.php?ACSION=&type=email&category=white&lo...
How severe is CVE-2019-9882?
CVE-2019-9882 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-9882?
Check the references section above for vendor advisories and patch information. Affected products include: Hgiga Msr35 Isherlock-Base, Hgiga Msr35 Isherlock-Sysinfo, Hgiga Msr35 Isherlock-User, Hgiga Msr35 Isherlock-Useradmin, Hgiga Msr45 Isherlock-Base.