CVE-2007-3419 Information
Feb 14, 2021
Description
The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors.
Reference
http://osvdb.org/45400
http://www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458
http://www.web-app.org/downloads/WebAPPv0.9.9.7.zip