cve/2015/CVE-2015-6541.md

### [CVE-2015-6541](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6541)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest.

### POC

#### Reference
- http://seclists.org/fulldisclosure/2016/Feb/121
- https://www.exploit-db.com/exploits/39500/

#### Github
- https://github.com/ARPSyndicate/cvemon
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2015-6541](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6541)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest.`

			`### POC`

			`#### Reference`
			`- http://seclists.org/fulldisclosure/2016/Feb/121`
			`- https://www.exploit-db.com/exploits/39500/`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`