Cross-site request forgery (CSRF) vulnerability in MailEnable Professional before 2.37 allows remote attackers to modify arbitrary configurations and perform unauthorized actions as arbitrary users via a link or IMG tag.