Vulnerabilities > CVE-2007-3419 - Unspecified vulnerability in Web-App.Org Webapp
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://osvdb.org/45400
- http://osvdb.org/45400
- http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458
- http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458
- http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip
- http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip