Vulnerabilities > CVE-2007-2147 - Remote Security vulnerability in Chatness
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Chatness <= 2.5.3 (options.php/save.php) Remote Code Execution Exploit. CVE-2007-2147,CVE-2007-2148,CVE-2007-2149. Webapps exploit for php platform |
id | EDB-ID:3725 |
last seen | 2016-01-31 |
modified | 2007-04-12 |
published | 2007-04-12 |
reporter | Gammarays |
source | https://www.exploit-db.com/download/3725/ |
title | Chatness <= 2.5.3 options.php/save.php Remote Code Execution Exploit |