CVE-2007-3419

2007-06-2623:00:00

mitre

www.cve.org

6.7 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.8%

JSON

The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors.