Design/Logic Flaw

2007-06-2623:30:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.8%

JSON

The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, (5) profile view, (6) gallery view, (7) gallery comment, and (8) gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors.

CPENameOperatorVersion
webapple0.9.9.6

CPE	Name	Operator	Version
	webapp	le	0.9.9.6

References

osvdb.org/45402

www.web-app.org/cgi-bin/index.cgi?action=forum&board=how_to&op=display&num=9458

www.web-app.org/downloads/WebAPPv0.9.9.7.zip