CVE-2007-2148

Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/24873	Vendor Advisory
http://securityreason.com/securityalert/2595
http://www.securityfocus.com/archive/1/465547/100/0/threaded
http://www.vupen.com/english/advisories/2007/1386

Configurations

Configuration 1 (hide)

cpe:2.3:a:stephen_craton:chatness:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-04-19 10:19

Updated : 2024-02-04 17:13

NVD link : CVE-2007-2148

Mitre link : CVE-2007-2148

CVE.ORG link : CVE-2007-2148

JSON object : View

Products Affected

stephen_craton

chatness

CWE

NVD-CWE-Other

{"id": "CVE-2007-2148", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-04-19T10:19:00.000", "references": [{"url": "http://secunia.com/advisories/24873", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/2595", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/465547/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1386", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n directa de c\u00f3digo est\u00e1tico en admin/save.php de Stephen Craton (tambi\u00e9n conocido como WiredPHP) Chatness 2.5.3 y versiones anteriores permite a administradores remotos autenticados inyectar c\u00f3digo PHP en fichero .html a trav\u00e9s del par\u00e1metro html, como se demuestra en head.html y foot.html, que son incluidos y ejecutados en peticiones directas de index.php.\r\nNOTA: una vulnerabilidad distinta podr\u00eda ser utilizada para explotar esta vulnerabilidad por atacantes remotos no autenticados."}], "lastModified": "2018-10-16T16:42:20.130", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stephen_craton:chatness:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD9A3E41-FD28-4098-AE3A-D181E1133872", "versionEndIncluding": "2.5.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}