CyberSec.Space Logo
Back to CVE Browser

CVE-2007-1394

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0530%
EPSS Percentile22.96th
PublishedMar 10, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

πŸ“¦
Flat Chat

Flat Chat

= 2.0

References & Advisories

πŸ”— http://osvdb.org/33890
πŸ”— http://secunia.com/advisories/24433
πŸ”— http://www.securityfocus.com/bid/22865
πŸ”— http://www.vupen.com/english/advisories/2007/0871
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/32882
πŸ”— https://www.exploit-db.com/exploits/3428
πŸ”— http://osvdb.org/33890
πŸ”— http://secunia.com/advisories/24433

Related Vulnerabilities

CVE-2007-195910.0

Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vector...

CVE-2007-182210.0

Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailbo...

CVE-2007-049610.0

PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to ex...

CVE-2007-005710.0

Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a sh...