Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0148

4 documents4 sources

Severity

6.8MEDIUM

EPSS

31.4%

top 3.22%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Omnigroup Omniweb

Timeline

PublishedJan 9

Latest updateMay 1

Description

Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDomnigroup/omniweb5.5.1

Patches

Patch: secunia.com ↗Patch: www.omnigroup.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-5hhm-cfgj-c582: Format string vulnerability in OmniGroup OmniWeb 5↗2022-05-01

▶

CVEList

CVE-2007-0148: Format string vulnerability in OmniGroup OmniWeb 5↗2007-01-09

▶

💥Exploits & PoCs

Exploit-DB

OmniWeb 5.5.1 - JavaScript alert() Remote Format String (PoC)↗2007-01-07

▶