Lucene search

[email protected]CVE-2007-3424

HistoryJun 26, 2007 - 11:30 p.m.

CVE-2007-3424

2007-06-2623:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3424

web-app.org

webapp

instant message

remote attack vectors

security vulnerability

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.8%

JSON

The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors.

Affected configurations

NVD

Node

web-app.orgwebappRange≤0.9.9.6

CPENameOperatorVersion
web-app.org:webappweb-app.org webapple0.9.9.6

CPE	Name	Operator	Version
web-app.org:webapp	web-app.org webapp	le	0.9.9.6

References

osvdb.org/45410

www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458

www.web-app.org/downloads/WebAPPv0.9.9.7.zip

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.8%

JSON

Related for CVE-2007-3424

cvelist1 prion1 nvd1