CVE-2007-1394 - Unspecified vulnerability in Flat Chat Flat Chat 2.0
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
flat-chat
exploit available
Summary
Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Flat Chat 2.0 (include online.txt) Remote Code Execution Vulnerability. CVE-2007-1394. Webapps exploit for php platform |
file | exploits/php/webapps/3428.txt |
id | EDB-ID:3428 |
last seen | 2016-01-31 |
modified | 2007-03-07 |
platform | php |
port | |
published | 2007-03-07 |
reporter | Dj7xpl |
source | https://www.exploit-db.com/download/3428/ |
title | Flat Chat 2.0 include online.txt Remote Code Execution Vulnerability |
type | webapps |
References
- http://osvdb.org/33890
- http://secunia.com/advisories/24433
- http://www.securityfocus.com/bid/22865
- http://www.vupen.com/english/advisories/2007/0871
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32882
- https://www.exploit-db.com/exploits/3428