Design/Logic Flaw

2007-06-2623:30:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.8%

JSON

cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or © removed member, which has unknown impact and remote attack vectors.