CVE-2019-13097

The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server.
References
Link Resource
https://www.youtube.com/watch?v=u5iEeLZnYVg Exploit Third Party Advisory
https://pastebin.com/WkkGk0tw Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:cat_runner:_decorate_home_project:cat_runner:_decorate_home:2.8.0:*:*:*:*:android:*:*

Information

Published : 2019-07-22 05:15

Updated : 2019-07-26 02:25


NVD link : CVE-2019-13097

Mitre link : CVE-2019-13097

Products Affected
No products.
CWE