|
|
CVE Reference: CVE-2007-3423 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-3423 |
|
|
Description: cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors. |
|
|
CVE Status: Candidate |
|
|
References: OSVDB 45409 CONFIRM http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458 |
|
| Return to the previous page. |
