CVE-2017-9518by Jeremyin Security Bulletinson Posted on June 8, 2017 atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails.