← back
CVE-2007-3423

CVE-2007-3423

EPSS 1.1%
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/45409http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip