ID CVE-2007-1185
Summary The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:web-app.org:webapp:0.9.9:*:*:*:*:*:*:*
    cpe:2.3:a:web-app.org:webapp:0.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:web-app.org:webapp:0.9.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:web-app.org:webapp:0.9.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:web-app.org:webapp:0.9.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:web-app.org:webapp:0.9.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:web-app.org:webapp:0.9.9.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:web-app.org:webapp:0.9.9.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:web-app.org:webapp:0.9.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:web-app.org:webapp:0.9.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:web-app.org:webapp:0.9.9.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:web-app.org:webapp:0.9.9.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:web-app.org:webapp:0.9.9.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:web-app.org:webapp:0.9.9.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:web-app.org:webapp:0.9.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:web-app.org:webapp:0.9.9.4:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 08-03-2011 - 02:51)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 22563
confirm http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250
osvdb 33295
secunia 24080
vupen ADV-2007-0604
Last major update 08-03-2011 - 02:51
Published 02-03-2007 - 21:18
Last modified 08-03-2011 - 02:51
Back to Top