Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0979

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2003-0979
Last Modified 10 Sep 2008 03:21:19
Published 05 Jan 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0979

Summary

FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or (2) cause the guestbook database to be deleted via a large number of line breaks that exceeds the $max_posts variable.

Vulnerable Systems

Application

  • Freescripts Visitorbook Le


References

MISC - http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt

BUGTRAQ - 20031210 Visitorbook LE Multiple Vulnerabilities


Last Updated: 27 May 2016 10:38:08