Vulnerabilities > CVE-2007-3424 - Remote Security vulnerability in WebAPP

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

web-app-org

NVD

Published: 2007-06-26

Updated: 2008-11-15

Summary

The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors.

Vulnerable Configurations

Part	Description	Count
Application	Web-App.Org WEB App.Org Webapp *	1

References

http://osvdb.org/45410
http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458
http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip