Vulnerability Description
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Web-App.Org | Webapp | <= 0.9.9.6 |
References
- http://osvdb.org/45409
- http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&nu
- http://www.web-app.org/downloads/WebAPPv0.9.9.7.zipPatch
- http://osvdb.org/45409
- http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&nu
- http://www.web-app.org/downloads/WebAPPv0.9.9.7.zipPatch
FAQ
What is CVE-2007-3423?
CVE-2007-3423 is a vulnerability with a CVSS score of 7.5 (HIGH). cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function rea...
How severe is CVE-2007-3423?
CVE-2007-3423 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3423?
Check the references section above for vendor advisories and patch information. Affected products include: Web-App.Org Webapp.