Vulnerability Description
The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Web-App.Org | Webapp | <= 0.9.9.6 |
References
- http://osvdb.org/45400
- http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&nu
- http://www.web-app.org/downloads/WebAPPv0.9.9.7.zipPatch
- http://osvdb.org/45400
- http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&nu
- http://www.web-app.org/downloads/WebAPPv0.9.9.7.zipPatch
FAQ
What is CVE-2007-3419?
CVE-2007-3419 is a vulnerability with a CVSS score of 7.5 (HIGH). The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.da...
How severe is CVE-2007-3419?
CVE-2007-3419 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3419?
Check the references section above for vendor advisories and patch information. Affected products include: Web-App.Org Webapp.