返回 CVE 浏览器

CVE-2007-2266

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1460%

EPSS Percentile44.53th

Published2007年4月25日

Last Modified2026年4月23日

Vulnerability Description

Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter.

Affected Platforms (CPE)

📦

Progress

Webspeed Messenger

All versions

References & Advisories

🔗 http://secunia.com/advisories/24988

🔗 http://www.ishare.nl/

🔗 http://www.securityfocus.com/archive/1/466771/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/472574/100/0/threaded

🔗 http://www.securityfocus.com/bid/23634

🔗 http://secunia.com/advisories/24988

🔗 http://www.ishare.nl/

🔗 http://www.securityfocus.com/archive/1/466771/100/0/threaded

相关漏洞威胁

CVE-2007-23547.8

Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1...

CVE-2007-25067.8

WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...