CVE-2019-13097
HIGHCat Runner Decorate Home 2.8.0 - Score Parameter Manipulation via Insufficient Input Validation
Title source: llmDescription
The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://pastebin.com/WkkGk0tw
Exploit, Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=u5iEeLZnYVg
Scores
CVSS v3
7.5
EPSS
0.0137
EPSS Percentile
68.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (1)
cat_runner\/_decorate_home_project
cat_runner\ _decorate_home
Published
Jul 22, 2019
Tracked Since
Feb 18, 2026