Lucene search

[email protected]NVD:CVE-2007-1394

HistoryMar 10, 2007 - 10:19 p.m.

CVE-2007-1394

2007-03-1022:19:00

[email protected]

web.nvd.nist.gov

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.143 Low

EPSS

Percentile

95.7%

JSON

Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

flat_chatflat_chatMatch2.0

References

osvdb.org/33890

secunia.com/advisories/24433

www.securityfocus.com/bid/22865

www.vupen.com/english/advisories/2007/0871

exchange.xforce.ibmcloud.com/vulnerabilities/32882

www.exploit-db.com/exploits/3428

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.143 Low

EPSS

Percentile

95.7%

JSON

Related for NVD:CVE-2007-1394

prion1 cvelist1 cve1 securityvulns1