CVE-2017-6086 in ViMbAdmin
Summary
by MITRE
Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to (1) add an administrator user via a crafted POST request to /application/controllers/DomainController.php, (2) remove an administrator user via a crafted GET request to /application/controllers/DomainController.php, (3) change an administrator password via a crafted POST request to /application/controllers/DomainController.php, (4) add a mailbox via a crafted POST request to /application/controllers/MailboxController.php, (5) delete a mailbox via a crafted POST request to /application/controllers/MailboxController.php, (6) archive a mailbox address via a crafted GET request to /application/controllers/ArchiveController.php, (7) add an alias address via a crafted POST request to /application/controllers/AliasController.php, or (8) remove an alias address via a crafted GET request to /application/controllers/AliasController.php.
Analysis
by VulDB Data Team • 11/17/2025
The vulnerability identified as CVE-2017-6086 represents a critical cross-site request forgery flaw in ViMbAdmin version 3.0.15, a web-based email administration tool that manages virtual mail servers. This vulnerability stems from the absence of proper CSRF protection mechanisms in multiple administrative functions within the application's controller files, specifically affecting DomainController.php, MailboxController.php, ArchiveController.php, and AliasController.php. The flaw allows remote attackers to execute unauthorized administrative actions by crafting malicious requests that exploit the trust relationship between the web application and authenticated administrators.
Technically, the vulnerability is exercised through HTTP requests that ride on an administrator's existing authenticated session rather than bypassing authentication: the browser attaches the session cookie to any request aimed at the application, so a request forged by a third-party page is indistinguishable from a legitimate one. Attackers can therefore drive the addAction and purgeAction functions to perform administrative operations in the administrator's name, because these functions neither validate the origin of the request nor require an anti-CSRF token. The vulnerability manifests across several vectors, including POST requests that add administrator users or mailboxes and GET requests that remove users or archive mailbox addresses; that state-changing operations are reachable by plain GET is itself a weakness, since such a request can be triggered by a simple link or image tag. The breadth of affected functions indicates a systemic lack of CSRF protection throughout the administrative interface rather than an isolated omission.
The operational impact of CVE-2017-6086 is severe and multifaceted, potentially allowing attackers to compromise the email administration system completely. Successful exploitation could result in unauthorized user creation, deletion of critical administrative accounts, password changes that lock out legitimate users, mailbox manipulation that disrupts email services, and alias changes that could be used for phishing or spam. The vulnerability particularly affects organizations that rely on ViMbAdmin to manage their email infrastructure, as it could hand an attacker full administrative control over email domains and user accounts. The risk is compounded by the fact that attackers need no valid credentials of their own; the only precondition is that a logged-in administrator's browser issues the forged request, for example by loading an attacker-controlled page, which makes the attack surface particularly wide.
The vulnerability is classified under CWE-352 (Cross-Site Request Forgery) and maps to ATT&CK technique T1566 (Phishing), since the forged request is typically delivered by luring an administrator to an attacker-controlled page. Organizations should implement immediate mitigations: add anti-CSRF tokens to every state-changing administrative request and verify them server-side, validate the Origin or Referer header of such requests, set the SameSite attribute on the session cookie, and ensure that state-changing operations (removal, archiving, deletion) are not reachable via GET. Additionally, the application should be updated to a patched version of ViMbAdmin that addresses these CSRF vulnerabilities, and administrators should review their email infrastructure for signs of compromise, such as unexpected administrator accounts, password changes, mailboxes or aliases. Remediation should also include monitoring of administrative activity and proper access controls to limit the impact of any further exploitation attempts.
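The mitigations listed above, combined into a single request guard, as an added illustration. This is not ViMbAdmin's code and is not drawn from its patch; the class name, the helper names, the cookie name csrf_token and the host mail-admin.example.com are assumptions chosen for the example. It covers the three controls named in the analysis (a per-session synchronizer token, Origin/Referer validation, a SameSite session cookie) and additionally rejects state-changing requests that arrive via GET, which addresses the GET-based vectors (2), (6) and (8) in the summary.

```php
<?php
// Added example, not ViMbAdmin's own code: a minimal CSRF guard for a
// PHP controller. Names of the class, methods and the expected host are
// assumptions for illustration.

declare(strict_types=1);

final class CsrfGuard
{
    private const TOKEN_KEY = 'csrf_token';

    /** Create (or reuse) the per-session token; embed it in every form. */
    public static function token(): string
    {
        if (empty($_SESSION[self::TOKEN_KEY])) {
            $_SESSION[self::TOKEN_KEY] = bin2hex(random_bytes(32));
        }
        return $_SESSION[self::TOKEN_KEY];
    }

    /** Constant-time comparison of the submitted token with the session token. */
    public static function tokenMatches(?string $submitted): bool
    {
        $expected = $_SESSION[self::TOKEN_KEY] ?? '';
        return $expected !== '' && $submitted !== null && hash_equals($expected, $submitted);
    }

    /**
     * Second line of defence: the Origin header (or, failing that, Referer)
     * must name this site. A missing header is treated as cross-site.
     */
    public static function originAllowed(array $server, string $expectedHost): bool
    {
        $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? null;
        if ($source === null) {
            return false;
        }
        $host = parse_url($source, PHP_URL_HOST);
        return is_string($host) && strcasecmp($host, $expectedHost) === 0;
    }

    /**
     * Gate for every state-changing action. Returns null when the request
     * may proceed, otherwise the HTTP status code to respond with.
     */
    public static function check(array $server, array $post, string $expectedHost): ?int
    {
        // State changes must never be reachable by GET: a cross-site GET can be
        // triggered by a link or <img> and SameSite=Lax still sends the cookie.
        if (($server['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
            return 405;
        }
        if (!self::originAllowed($server, $expectedHost)) {
            return 403;
        }
        if (!self::tokenMatches($post[self::TOKEN_KEY] ?? null)) {
            return 403;
        }
        return null;
    }
}

// Session cookie settings applied before session_start(). SameSite=Lax
// withholds the cookie on cross-site POSTs, which neutralises the POST-based
// vectors even if a token check were forgotten somewhere.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

// Usage at the top of a state-changing action (e.g. a purge/remove handler):
$status = CsrfGuard::check($_SERVER, $_POST, 'mail-admin.example.com');
if ($status !== null) {
    http_response_code($status);
    exit('Request rejected: missing or invalid CSRF protection.');
}
// ... perform the administrative change only after the guard passes ...

// When rendering a form, embed the token as a hidden field:
// printf('<input type="hidden" name="csrf_token" value="%s">',
//        htmlspecialchars(CsrfGuard::token(), ENT_QUOTES, 'UTF-8'));
```

The three checks are deliberately layered: the token is the primary control, the Origin/Referer check catches forms that were wired up without a token, and the SameSite cookie protects even endpoints the developers overlooked. Rejecting non-POST methods closes the gap that SameSite=Lax leaves open for top-level GET navigations.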