← back
CVE-2007-2147

CVE-2007-2147

EPSS 3.4%
admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/3725unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/24873http://securityreason.com/securityalert/2595http://www.securityfocus.com/archive/1/465547/100/0/threadedhttp://www.vupen.com/english/advisories/2007/1386