Vulnerability Description
FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or (2) cause the guestbook database to be deleted via a large number of line breaks that exceeds the $max_posts variable.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FreeScripts | VisitorBook | LE |
References
- http://marc.info/?l=bugtraq&m=107107840622493&w=2
- http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt (Patch, Vendor Advisory)
FAQ
What is CVE-2003-0979?
CVE-2003-0979 is a vulnerability with a CVSS score of 5.0 (MEDIUM). FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra he...
How severe is CVE-2003-0979?
CVE-2003-0979 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2003-0979?
Check the references section above for vendor advisories and patch information. Affected products include: FreeScripts VisitorBook.