Vulnerabilities > CVE-2007-3421 - Remote Security vulnerability in WebAPP

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

web-app-org

NVD

Published: 2007-06-26

Updated: 2008-11-15

Summary

The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors.

Vulnerable Configurations

Part	Description	Count
Application	Web-App.Org WEB App.Org Webapp *	1

References

http://osvdb.org/45402
http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458
http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip