CVE-2007-3423

Published Jun 26, 2007

Last updated 16 years ago

Overview

Description: cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:web-app.org:webapp:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "148D57A7-D6B9-41A5-8B65-DCE7072E1C31",
            "versionEndIncluding": "0.9.9.6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References