Dirk Bartley : Security Vulnerabilities, CVEs,
viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to execute arbitrary code via shell metacharacters in the var_filename parameter in a (1) tif or (2) pdf format action.
Max CVSS
7.5
EPSS Score
3.14%
Published
2009-04-08
Updated
2017-09-29
Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) id parameter to comm.php and (2) var_filename parameter to viewrq.php.
Max CVSS
5.0
EPSS Score
0.36%
Published
2009-04-08
Updated
2017-09-29
2 vulnerabilities found