Unrated severityNVD Advisory· Published Jun 26, 2007· Updated Apr 23, 2026

CVE-2007-3420

Description

The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the (1) username, (2) password, (3) usertheme, and (4) userlang cookies for unauthorized users, which has unknown impact and remote attack vectors.

Affected products

Web App.org/Webapp
cpe:2.3:a:web-app.org:webapp:*:*:*:*:*:*:*:*
Range: <=0.9.9.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.web-app.org/downloads/WebAPPv0.9.9.7.zipnvdPatch
osvdb.org/45401nvd
www.web-app.org/cgi-bin/index.cginvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000