6.5

CVE-2007-2148

EPSS 3.28%
Veröffentlicht 19.04.2007 10:19:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php.  NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Stephen Craton ≫ Chatness Version <= 2.5.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.28%	0.867

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/24873

Vendor Advisory

http://securityreason.com/securityalert/2595

http://www.securityfocus.com/archive/1/465547/100/0/threaded

http://www.vupen.com/english/advisories/2007/1386

https://nvd.nist.gov/vuln/detail/CVE-2007-2148

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-2148

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-2148

EUVD