CVE-2007-2147 - admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for adm

CVE-2007-2147

Summary

admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests.

References

http://secunia.com/advisories/24873
http://securityreason.com/securityalert/2595
http://www.securityfocus.com/archive/1/465547/100/0/threaded
http://www.vupen.com/english/advisories/2007/1386

Vulnerable Configurations

cpe:2.3:a:stephen_craton:chatness:*:*:*:*:*:*:*:*
cpe:2.3:a:stephen_craton:chatness:*:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 16-10-2018 - 16:42)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bugtraq	20070412 Chatness <= 2.5.3 - Arbitrary Code Execution
secunia	24873
sreason	2595
vupen	ADV-2007-1386

Last major update

16-10-2018 - 16:42

Published

19-04-2007 - 10:19

Last modified

16-10-2018 - 16:42