CyberSec.Space Logo
Back to CVE Browser

CVE-2007-2147

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1110%
EPSS Percentile41.30th
PublishedApr 19, 2007
Last ModifiedApr 23, 2026

Vulnerability Description

admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests.

Affected Platforms (CPE)

πŸ“¦
Stephen Craton

Chatness

<= 2.5.3

References & Advisories

πŸ”— http://secunia.com/advisories/24873
πŸ”— http://securityreason.com/securityalert/2595
πŸ”— http://www.securityfocus.com/archive/1/465547/100/0/threaded
πŸ”— http://www.vupen.com/english/advisories/2007/1386
πŸ”— http://secunia.com/advisories/24873
πŸ”— http://securityreason.com/securityalert/2595
πŸ”— http://www.securityfocus.com/archive/1/465547/100/0/threaded
πŸ”— http://www.vupen.com/english/advisories/2007/1386

Related Vulnerabilities

CVE-2007-095410.0

MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vector...

CVE-2007-139410.0

Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP c...

CVE-2006-703610.0

PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via t...

CVE-2007-214910.0

Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2...