Vulnerability Details CVE-2007-3418
The displaypost function in cgi-bin/cgi-lib/forum_display.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.1%
CVSS Severity
CVSS v2 Score 6.5
References
- http://osvdb.org/45399
- http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458
- http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip
- http://osvdb.org/45399
- http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458
- http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip
Products affected by CVE-2007-3418
-
cpe:2.3:a:web-app.org:webapp:*