3 matches found
CVE-2007-2148
CVE-2007-2148 affects Stephen Craton (WiredPHP) Chatness 2.5.3 and earlier, with a vulnerability in admin/save.php. The issue allows remote authenticated administrators to inject PHP code into .html files via the html parameter; the injected code is then executed when index.php is requested (demo...
CVE-2007-2149
Chatness 2.5.3 and earlier is affected. The issue arises from storing usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, with the recommendation of file permissions 0666 or 0777. This enables local users to read credential data and may allow remote attackers...
CVE-2007-2147
The CVE-2007-2147 entry affects Stephen Craton (WiredPHP) Chatness 2.5.3 and earlier. The issue is that admin/options.php does not verify administrative credentials, allowing remote attackers to read and modify the configuration files classes/vars.php and classes/varstuff.php via direct requests....