Описание
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.
Ссылки
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1Версия до 0.9.9.6 (включая)
cpe:2.3:a:web-app.org:webapp:*:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00365
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and remote attack vectors.
EPSS
Процентиль: 58%
0.00365
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other