VYPR
Unrated severityNVD Advisory· Published Jun 26, 2007· Updated Jun 16, 2026

CVE-2007-3420

CVE-2007-3420

Description

The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors.

Affected products

2
  • cpe:2.3:a:web-app.org:webapp:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:web-app.org:webapp:*:*:*:*:*:*:*:*range: <=0.9.9.6
    • (no CPE)range: <0.9.9.7

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.