VYPR

PHP eMail

by Acc

CVEs (2)

  • CVE-2009-4906Jun 25, 2010
    risk 0.03cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in index.php in Acc PHP eMail 1.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords.

  • CVE-2008-6291Feb 26, 2009
    risk 0.03cvss epss 0.02

    Acc PHP eMail 1.1 allows remote attackers to bypass authentication and gain administrative access by setting the NEWSLETTERLOGIN cookie to "admin".