CNNVD-202602-847 Information

CNNVD ID

CNNVD-202602-847

CVE-2025-68722

  • CNNVD Published: 2026-02-05

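Description (translated from Chinese)

Axigen Mail Server is mail server software from Axigen. Axigen Mail Server versions before 10.5.57, and 10.6.x versions before 10.6.26, contain a security vulnerability: the WebAdmin interface is subject to cross-site request forgery through improper handling of the _s parameter. An attacker can craft a malicious URL that performs arbitrary administrative operations after an administrator clicks it and logs in.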

Description (English)

Axigen Mail Server is mail server software from Axigen. Versions of Axigen Mail Server before 10.5.57, and 10.6.x versions before 10.6.26, contain a security vulnerability that stems from cross-site request forgery in the WebAdmin interface through improper handling of the _s parameter. An attacker can construct a malicious URL and perform arbitrary administrative operations after the administrator clicks it and logs in.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Axigen

Published

2026-02-05

Last Modified

2026-02-24

References

https://www.axigen.com/knowledgebase/Axigen-WebAdmin-CSRF-Vulnerability-CVE-2025-68722-_407.html

https://www.axigen.com/mail-server/download/

Patch

https://www.axigen.com/mail-server/download/
