CyberSec.Space Logo
返回 CVE 浏览器

CVE-2007-1394

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0530%
EPSS Percentile22.96th
Published2007年3月10日
Last Modified2026年4月23日

Vulnerability Description

Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦
Flat Chat

Flat Chat

= 2.0

References & Advisories

🔗 http://osvdb.org/33890
🔗 http://secunia.com/advisories/24433
🔗 http://www.securityfocus.com/bid/22865
🔗 http://www.vupen.com/english/advisories/2007/0871
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/32882
🔗 https://www.exploit-db.com/exploits/3428
🔗 http://osvdb.org/33890
🔗 http://secunia.com/advisories/24433

相关漏洞威胁

CVE-2007-005710.0

Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a sh...

CVE-2007-010010.0

The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows r...

CVE-2007-195910.0

Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vector...

CVE-2007-011710.0

DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) fil...