CVE-2009-2355

Name of the Vulnerable Software and Affected Versions NullLogic Groupware version 1.2.7

Description The issue allows remote authenticated users to cause a denial of service, resulting in an application crash. This can be achieved by specifying either an empty string or a non-numeric string when selecting a forum, which is related to the fmessagelist function.

Recommendations For NullLogic Groupware version 1.2.7, as a temporary workaround, consider restricting access to the forum module until a patch is available. Additionally, avoid using non-numeric strings when selecting a forum to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.