CVE-2007-3423

critical

Description

cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.

References

http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip

http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458

http://osvdb.org/45409

Details

Source: Mitre, NVD

Published: 2007-06-26

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00334