admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 09:12:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2019/CVE-2019-16949.md
0xMarcio 48a00929ac Removed duplicates
2024-06-18 02:51:15 +02:00

1016 B
Raw Blame History

CVE-2019-16949

Description

An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an archive of their chat log to an email address specified at the beginning of the chat (where the user enters in their name and e-mail address). This POST request can be modified to change the message as well as the end recipient of the message. The e-mail address will have the same domain name and user as the product allotted. This can be used in phishing campaigns against users on the same domain.

POC

Reference

Github

No PoCs found on GitHub currently.