CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-2148

Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.027

EPSS Ranking 85.1%

CVSS Severity

CVSS v2 Score 6.5

References

http://secunia.com/advisories/24873
http://securityreason.com/securityalert/2595
http://www.securityfocus.com/archive/1/465547/100/0/threaded
http://www.vupen.com/english/advisories/2007/1386
http://secunia.com/advisories/24873
http://securityreason.com/securityalert/2595
http://www.securityfocus.com/archive/1/465547/100/0/threaded
http://www.vupen.com/english/advisories/2007/1386

Products affected by CVE-2007-2148

Stephen Craton » Chatness » Version: Any

cpe:2.3:a:stephen_craton:chatness:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-2148

Products

Pricing

Contact Us