History: Mar 10, 2007 - 10:19 p.m.

CVE-2007-1394

2007-03-10 22:19:00
mitre
web.nvd.nist.gov
cve-2007-1394
direct static code injection
flat chat 2.0
remote attackers
arbitrary php code
startsession.php

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score: 7.8
Confidence: Low

EPSS: 0.143
Percentile: 95.7%

Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd
Node: flat_chat flat_chat, Match 2.0

Vendor: flat_chat
Product: flat_chat
Version: 2.0
CPE: cpe:2.3:a:flat_chat:flat_chat:2.0:*:*:*:*:*:*:*
