Vulnerabilities > CVE-2003-0979 - Unspecified vulnerability in Freescripts Visitorbook LE

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

freescripts

NVD

Published: 2004-01-05

Updated: 2024-11-20

Summary

FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or (2) cause the guestbook database to be deleted via a large number of line breaks that exceeds the $max_posts variable.

Vulnerable Configurations

Part	Description	Count
Application	Freescripts Freescripts Visitorbook Le	1

References

http://marc.info/?l=bugtraq&m=107107840622493&w=2
http://marc.info/?l=bugtraq&m=107107840622493&w=2
http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt
http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt