Vulnerability CVE-2007-1394


Published: 2007-03-10   Modified: 2012-02-12

Description:
Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software
Flat chat -> Flat chat 

References:
http://www.vupen.com/english/advisories/2007/0871
http://www.securityfocus.com/bid/22865
http://www.milw0rm.com/exploits/3428
http://secunia.com/advisories/24433
http://osvdb.org/33890
http://xforce.iss.net/xforce/xfdb/32882
