The forum module in NullLogic Groupware 1.2.7 allows remote authenticated users to cause a denial of service (application crash) by specifying (1) an empty string or (2) a non-numeric string when selecting a forum, related to the fmessagelist function.
Vector
NETWORK
Complexity
LOW
Authentication
SINGLE_INSTANCE
Confidentiality
NONE
Integrity
NONE
Availability
PARTIAL
| Advisory | Patch | Confirmed | Link |
|---|---|---|---|
| ADV-2009-1817 | |||
| 20090706 High security hole in NullLogic Groupware | |||
| http://www.nth-dimension.org.uk/utils/get.php?downloadsi... |