CVE-2019-13097

The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server.
References
Link Resource
https://pastebin.com/WkkGk0tw Exploit Third Party Advisory
https://www.youtube.com/watch?v=u5iEeLZnYVg Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:cat_runner\:_decorate_home_project:cat_runner\:_decorate_home:2.8.0:*:*:*:*:android:*:*

History

No history.

Information

Published : 2019-07-22 17:15

Updated : 2024-02-28 17:08


NVD link : CVE-2019-13097

Mitre link : CVE-2019-13097

CVE.ORG link : CVE-2019-13097


JSON object : View

Products Affected

cat_runner\

  • _decorate_home_project
CWE
CWE-20

Improper Input Validation