Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information.
References
| Link | Resource |
|---|---|
| http://osvdb.org/33890 | |
| http://secunia.com/advisories/24433 | Exploit Vendor Advisory |
| http://www.securityfocus.com/bid/22865 | Exploit Vendor Advisory |
| http://www.vupen.com/english/advisories/2007/0871 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32882 | |
| https://www.exploit-db.com/exploits/3428 | |
| http://osvdb.org/33890 | |
| http://secunia.com/advisories/24433 | Exploit Vendor Advisory |
| http://www.securityfocus.com/bid/22865 | Exploit Vendor Advisory |
| http://www.vupen.com/english/advisories/2007/0871 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32882 | |
| https://www.exploit-db.com/exploits/3428 |
Configurations
History
21 Nov 2024, 00:28
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://osvdb.org/33890 - | |
| References | () http://secunia.com/advisories/24433 - Exploit, Vendor Advisory | |
| References | () http://www.securityfocus.com/bid/22865 - Exploit, Vendor Advisory | |
| References | () http://www.vupen.com/english/advisories/2007/0871 - | |
| References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/32882 - | |
| References | () https://www.exploit-db.com/exploits/3428 - |
Information
Published : 2007-03-10 22:19
Updated : 2024-11-21 00:28
NVD link : CVE-2007-1394
Mitre link : CVE-2007-1394
CVE.ORG link : CVE-2007-1394
JSON object : View
Products Affected
flat_chat
- flat_chat
CWE