CVE-2007-2149 in Chatnessinfo

Zusammenfassung

von MITRE

Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attackers to obtain credentials via a direct request for admin/options.php.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

19.04.2007

Veröffentlichung

19.04.2007

Moderieren

akzeptiert

Eintrag

VDB-36292

CPE

bereit

CWE

CWE-275 (unbestätigt)

Exploit

Download

CVSS

10.0 (NVD)

EPSS

0.01294

KEV

nein

Aktivitäten

very low

Sektor

Telecommunication, Hostingprovider, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-2149
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-2149
CVE Details	https://www.cvedetails.com/cve/CVE-2007-2149/

◂ Zurück Übersicht Weiter ▸

Want to know what is going to be exploited?

We predict KEV entries!