CVE-2007-3419
First published: Tue Jun 26 2007(Updated: )
The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the (1) themes.dat, (2) languages.dat, (3) profession.dat, (4) gen.dat, (5) marstat.dat, (6) states.dat, and (7) ages.dat files before saving profile settings of members, which has unknown impact and remote attack vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WebAPP | <=0.9.9.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-3419?
CVE-2007-3419 has a medium severity rating due to its potential exploitation in manipulating user profile settings.
How do I fix CVE-2007-3419?
To fix CVE-2007-3419, upgrade to WebAPP version 0.9.9.7 or later, which includes necessary security patches.
What versions of WebAPP are affected by CVE-2007-3419?
CVE-2007-3419 affects all versions of WebAPP before 0.9.9.7.
What is the impact of CVE-2007-3419 on user data?
CVE-2007-3419 could allow unauthorized alteration of user profile settings, compromising the integrity of user data.
Is CVE-2007-3419 still a risk today?
If users are running versions older than 0.9.9.7, CVE-2007-3419 remains a risk and requires immediate attention.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/web-app.org
- canonical/webapp
- version/webapp/0.9.9.6