Vulnerability Details CVE-2007-3424
The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/45410
- http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458
- http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip
- http://osvdb.org/45410
- http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458
- http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip
Products affected by CVE-2007-3424
-
cpe:2.3:a:web-app.org:webapp:*