CVE-2007-3423

Name of the Vulnerable Software and Affected Versions WebAPP versions prior to 0.9.9.7

Description The issue concerns the cgi-bin/cgi-lib/instantmessage.pl script in WebAPP, where the From field of an instant message is used as part of the .dat file name when certain functions read specific types of messages. This has unknown impact and can be exploited remotely.

Recommendations For versions prior to 0.9.9.7, update to version 0.9.9.7 or later to resolve the issue.