| |
Vulnerability CVE-2007-3419
Published: 2007-06-26 Modified: 2012-02-12
| Description: |
The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors. |
CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
7.5/10 |
6.4/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip
http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458
http://osvdb.org/45400
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
