cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.
                
            References
                    Configurations
                    History
                    21 Nov 2024, 00:33
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () http://osvdb.org/45409 - | |
| References | () http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458 - | |
| References | () http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip - Patch | 
Information
                Published : 2007-06-26 23:30
Updated : 2025-04-09 00:30
NVD link : CVE-2007-3423
Mitre link : CVE-2007-3423
CVE.ORG link : CVE-2007-3423
JSON object : View
Products Affected
                web-app.org
- webapp
CWE
                