CVE-2007-0652: Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and ...

Description

Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.

Metrics

EPSS Probability

1.57%

72.3th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Mailenable	Mailenable Professional	1.0.004
Mailenable	Mailenable Professional	1.0.005
Mailenable	Mailenable Professional	1.0.006
Mailenable	Mailenable Professional	1.0.007
Mailenable	Mailenable Professional	1.0.008
Mailenable	Mailenable Professional	1.0.009
Mailenable	Mailenable Professional	1.0.010
Mailenable	Mailenable Professional	1.0.011
Mailenable	Mailenable Professional	1.0.012
Mailenable	Mailenable Professional	1.0.013
Mailenable	Mailenable Professional	1.0.014
Mailenable	Mailenable Professional	1.0.015
Mailenable	Mailenable Professional	1.0.016
Mailenable	Mailenable Professional	1.0.017
Mailenable	Mailenable Professional	1.1
Mailenable	Mailenable Professional	1.2
Mailenable	Mailenable Professional	1.2a
Mailenable	Mailenable Professional	1.5
Mailenable	Mailenable Professional	1.6
Mailenable	Mailenable Professional	1.7
Mailenable	Mailenable Professional	1.12
Mailenable	Mailenable Professional	1.13
Mailenable	Mailenable Professional	1.14
Mailenable	Mailenable Professional	1.15
Mailenable	Mailenable Professional	1.16
Mailenable	Mailenable Professional	1.17
Mailenable	Mailenable Professional	1.18
Mailenable	Mailenable Professional	1.19
Mailenable	Mailenable Professional	1.51
Mailenable	Mailenable Professional	1.52
Mailenable	Mailenable Professional	1.53
Mailenable	Mailenable Professional	1.54
Mailenable	Mailenable Professional	1.72
Mailenable	Mailenable Professional	1.73
Mailenable	Mailenable Professional	1.82
Mailenable	Mailenable Professional	1.83
Mailenable	Mailenable Professional	1.84
Mailenable	Mailenable Professional	1.101
Mailenable	Mailenable Professional	1.102
Mailenable	Mailenable Professional	1.103
Mailenable	Mailenable Professional	1.104
Mailenable	Mailenable Professional	1.105
Mailenable	Mailenable Professional	1.106
Mailenable	Mailenable Professional	1.107
Mailenable	Mailenable Professional	1.108
Mailenable	Mailenable Professional	1.109
Mailenable	Mailenable Professional	1.110
Mailenable	Mailenable Professional	1.111
Mailenable	Mailenable Professional	1.112
Mailenable	Mailenable Professional	1.113

Showing 50 of 61 affected configurations. See NVD for the full list.

References

Timeline

Published: Feb 15, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-0652?

Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.

How severe is CVE-2007-0652?

Severity scoring for CVE-2007-0652 is pending analysis. The EPSS model estimates a 1.57% probability of exploitation in the next 30 days.

How do I fix CVE-2007-0652?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.