CVE-2007-3419

Name of the Vulnerable Software and Affected Versions WebAPP versions prior to 0.9.9.7

Description The issue concerns the editprofile3 function in cgi-bin/cgi-lib/user.pl, which fails to properly check several files, including themes.dat, languages.dat, profession.dat, gen.dat, marstat.dat, states.dat, and ages.dat, before saving member profile settings. This has an unknown impact and can be exploited remotely.

Recommendations For versions prior to 0.9.9.7, update to version 0.9.9.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the editprofile3 function in cgi-bin/cgi-lib/user.pl until a patch is available. Additionally, restrict modifications to the files themes.dat, languages.dat, profession.dat, gen.dat, marstat.dat, states.dat, and ages.dat to minimize the risk of exploitation.