Lucene search

K
cve[email protected]CVE-2007-3424
HistoryJun 26, 2007 - 11:30 p.m.

CVE-2007-3424

2007-06-2623:30:00
web.nvd.nist.gov
19
cve-2007-3424
web-app.org
webapp
instant message
remote attack vectors
security vulnerability

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.8%

The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors.

Affected configurations

NVD
Node
web-app.orgwebappRange0.9.9.6

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.8%

Related for CVE-2007-3424