CVE-2007-3416

Name of the Vulnerable Software and Affected Versions web-app.org WebAPP versions 0.8 through 0.9.9.6 web-app.net WebAPP versions 0.9.9.3.3, 0.9.9.3.4, and 2007

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in the administration of polls, profiles, IP bans, and forums. These vulnerabilities allow remote attackers to perform actions, such as deletions, as administrators.

Recommendations For web-app.org WebAPP versions 0.8 through 0.9.9.6, consider disabling the administration of polls, profiles, IP bans, and forums until a fix is available. For web-app.net WebAPP versions 0.9.9.3.3, 0.9.9.3.4, and 2007, restrict access to the administration panels to minimize the risk of exploitation. As a temporary workaround, avoid using the administration features for polls, profiles, IP bans, and forums until the issue is resolved.