CVE-2007-1394

Опубликовано: 10 мар. 2007

Источник: nvd

CVSS2: 10

EPSS Средний

Описание

Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information.

Ссылки

http://osvdb.org/33890
http://secunia.com/advisories/24433
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/22865
Exploit
Vendor Advisory
http://www.vupen.com/english/advisories/2007/0871
https://exchange.xforce.ibmcloud.com/vulnerabilities/32882
https://www.exploit-db.com/exploits/3428
http://osvdb.org/33890
http://secunia.com/advisories/24433
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/22865
Exploit
Vendor Advisory
http://www.vupen.com/english/advisories/2007/0871
https://exchange.xforce.ibmcloud.com/vulnerabilities/32882
https://www.exploit-db.com/exploits/3428

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:flat_chat:flat_chat:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.10749

Средний

10 Critical

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-gw97-8q66-54x3

github

почти 4 года назад