| Max CVSS | 10.0 | Min CVSS | 6.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-2147 | 10.0 |
admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct
|
16-10-2018 - 16:42 | 19-04-2007 - 10:19 | |
| CVE-2007-2149 | 10.0 |
Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privil
|
16-10-2018 - 16:42 | 19-04-2007 - 10:19 | |
| CVE-2007-2148 | 6.5 |
Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.ht
|
16-10-2018 - 16:42 | 19-04-2007 - 10:19 |