VYPR
Unrated severityNVD Advisory· Published Jun 26, 2007· Updated Jun 16, 2026

CVE-2007-3423

CVE-2007-3423

Description

cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.

Affected products

2
  • cpe:2.3:a:web-app.org:webapp:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:web-app.org:webapp:*:*:*:*:*:*:*:*range: <=0.9.9.6
    • (no CPE)range: <=0.9.9.6

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.