cbcvebase.
CVE-2007-3419
published 2007-06-26

CVE-2007-3419: The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3)…

PriorityP429high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.13%
62.3th percentile
The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors.

Affected

1 ranges
VendorProductVersion rangeFixed in
web-app.orgwebapp<= 0.9.9.6
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.