Vulnerability Details CVE-2007-3419
The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/45400
- http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458
- http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip
- http://osvdb.org/45400
- http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458
- http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip
Products affected by CVE-2007-3419
-
cpe:2.3:a:web-app.org:webapp:*