Vulnerability CVE-2019-13097
Published: 2019-07-22

Description:
The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server.

Type:

CWE-20

 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Cat runner -> decorate home project 

 References:
https://pastebin.com/WkkGk0tw
https://www.youtube.com/watch?v=u5iEeLZnYVg
Copyright 2024, cxsecurity.com

 

Back to Top