CVE-2007-3419

Published: Jun 26, 2007Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors.

Affected (1)

Products: Web App.org: Webapp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Web App.org Webapp	Up to 0.9.9.6

References (6)

http://osvdb.org/45400

Source: cve@mitre.org

http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458

Source: cve@mitre.org

http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip

Source: cve@mitre.org

Patch

http://osvdb.org/45400

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.