6.5

CVE-2007-2148

EPSS 1.99%
Veröffentlicht 19.04.2007 10:19:00
Zuletzt bearbeitet 16.06.2026 22:39:01
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php.  NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Stephen Craton ≫ Chatness Version <= 2.5.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.99%	0.781

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/24873

Vendor Advisory

http://securityreason.com/securityalert/2595

http://www.securityfocus.com/archive/1/465547/100/0/threaded

http://www.vupen.com/english/advisories/2007/1386

https://nvd.nist.gov/vuln/detail/CVE-2007-2148

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-2148

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-2148

EUVD