Vulnerability CVE-2007-3423
Published: 2007-06-26   Modified: 2012-02-12

Description:
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Web-app.org -> Webapp 

 References:
http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip
http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458
http://osvdb.org/45409
Copyright 2024, cxsecurity.com

 

Back to Top