CyberSec.Space Logo
Back to CVE Browser

CVE-2007-2266

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1460%
EPSS Percentile44.53th
PublishedApr 25, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter.

Affected Platforms (CPE)

πŸ“¦
Progress

Webspeed Messenger

All versions

References & Advisories

πŸ”— http://secunia.com/advisories/24988
πŸ”— http://www.ishare.nl/
πŸ”— http://www.securityfocus.com/archive/1/466771/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/472574/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/23634
πŸ”— http://secunia.com/advisories/24988
πŸ”— http://www.ishare.nl/
πŸ”— http://www.securityfocus.com/archive/1/466771/100/0/threaded

Related Vulnerabilities

CVE-2007-23547.8

Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1...

CVE-2007-25067.8

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...