cve/2019/CVE-2019-13097.md

### [CVE-2019-13097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13097)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server.

### POC

#### Reference
- https://pastebin.com/WkkGk0tw

#### Github
- https://github.com/enderphan94/CVE
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-13097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13097)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`The application API of Cat Runner Decorate Home version 2.8.0 for Android does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. Attackers can manipulate users' score parameters exchanged between client and server.`

			`### POC`

			`#### Reference`
			`- https://pastebin.com/WkkGk0tw`

			`#### Github`
			`- https://github.com/enderphan94/CVE`