CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2007-2147

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1110%
EPSS Percentile41.30th
Published2007年4月19日
Last Modified2026年4月23日

Vulnerability Description

admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests.

Affected Platforms (CPE)

📦
Stephen Craton

Chatness

<= 2.5.3

References & Advisories

🔗 http://secunia.com/advisories/24873
🔗 http://securityreason.com/securityalert/2595
🔗 http://www.securityfocus.com/archive/1/465547/100/0/threaded
🔗 http://www.vupen.com/english/advisories/2007/1386
🔗 http://secunia.com/advisories/24873
🔗 http://securityreason.com/securityalert/2595
🔗 http://www.securityfocus.com/archive/1/465547/100/0/threaded
🔗 http://www.vupen.com/english/advisories/2007/1386

相關漏洞威脅

CVE-2007-095410.0

MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vector...

CVE-2007-139410.0

Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP c...

CVE-2006-703610.0

PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via t...

CVE-2007-214910.0

Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2...