CVE-2007-2148

Chatness <= 2.5.3 - Authenticated PHP Code Injection via html Parameter (admin/save.php)

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2148.

AI-analyzed exploit summary: The exploit chains two flaws in Chatness <= 2.5.3: an authentication bypass in /admin/options.php that discloses the admin credentials, and the unrestricted file write in /admin/save.php that injects PHP code into head.html, which index.php includes and executes, giving remote code execution.

Description

Direct static code injection vulnerability in admin/save.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed upon a direct request for index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.
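Because the flaw is a write of attacker-controlled HTML into files that index.php include()s, a compromised install carries the payload on disk in head.html or foot.html. The following scanner is an added example written for this page (not code from Chatness, from the exploit-db entry, or from the vendor); it finds PHP open tags in such templates for forensic triage and doubles as the refusal check a save handler should apply before writing. The file names it looks for, the sample template contents and the set of tag forms are the editor's assumptions and constructed samples, not material from the project.

```python
"""Find PHP open tags in Chatness-style include templates (head.html/foot.html).

Added example for this page; it is not code from Chatness or from the
exploit-db entry. It assumes only what the advisory states: index.php
include()s head.html and foot.html, so any PHP open tag written into them by
admin/save.php is parsed and executed. File contents below are constructed
samples for the demonstration.
"""
import re
import sys
from pathlib import Path
from typing import Dict, List, Tuple

# Every open-tag form the PHP parser can honour. <?php and <?= are always on;
# bare <? needs short_open_tag, <% needs asp_tags, and <script language="php">
# existed up to PHP 5.x (the era of a 2007 Chatness install). <?xml is excluded
# so an XHTML prolog in a clean template is not reported.
PHP_OPEN_TAG = re.compile(
    r"<\?(?!xml\b)(?:php\b|=)?"
    r"|<%"
    r"|<script\s+language\s*=\s*[\"']?php[\"']?\s*>",
    re.IGNORECASE,
)

Hit = Tuple[int, str]  # (1-based line number, tag text as found)


def find_php_tags(content: str) -> List[Hit]:
    """Return every PHP open tag in a template, with its line number.

    HTML comments are deliberately not skipped: PHP parses <?php inside
    <!-- --> exactly as anywhere else, so a tag hidden there still executes.
    """
    hits: List[Hit] = []
    for lineno, line in enumerate(content.splitlines(), start=1):
        for match in PHP_OPEN_TAG.finditer(line):
            hits.append((lineno, match.group(0)))
    return hits


def is_safe_template(content: str) -> bool:
    """Save-time check a hardened save handler would apply: refuse any
    submitted template body that contains a PHP open tag."""
    return not find_php_tags(content)


def scan_tree(root: Path, names=("head.html", "foot.html")) -> Dict[str, List[Hit]]:
    """Walk an install and report templates that carry PHP tags (forensic use)."""
    findings: Dict[str, List[Hit]] = {}
    for name in names:
        for path in root.rglob(name):
            hits = find_php_tags(path.read_text(errors="replace"))
            if hits:
                findings[str(path)] = hits
    return findings


# Constructed samples (not taken from any real install or from the exploit).
CLEAN_HEAD = (
    '<?xml version="1.0" encoding="utf-8"?>\n'
    '<div id="header"><h1>Chatness</h1></div>\n'
)
INJECTED_HEAD = (
    '<div id="header">\n'
    '<!-- banner -->\n'
    '<?php system($_GET["cmd"]); ?>\n'
    '</div>\n'
)
OBFUSCATED_FOOT = (
    '<p>Powered by Chatness</p>\n'
    '<!-- <?= `id` ?> -->\n'
    '<script language="php">eval(base64_decode($_POST["c"]));</script>\n'
)


def demo() -> Dict[str, List[Hit]]:
    """Run the check over the constructed samples; returns name -> hits."""
    return {
        "head.html (clean)": find_php_tags(CLEAN_HEAD),
        "head.html (injected)": find_php_tags(INJECTED_HEAD),
        "foot.html (obfuscated)": find_php_tags(OBFUSCATED_FOOT),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python scan.py /var/www/chatness
        for path, hits in scan_tree(Path(sys.argv[1])).items():
            for lineno, tag in hits:
                print(f"{path}:{lineno}: {tag}")
    else:
        for name, hits in demo().items():
            print(name, "->", hits or "no PHP tags")
```

Run it against the web root of a suspected install to list every template line that would be executed by the include. The tag check is a secondary control and an indicator of compromise, not the durable fix: the durable fix is to stop include()-ing admin-editable files and to emit them with readfile() or echo instead, so the PHP parser never sees their contents.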

Exploits (1)

exploit-db · WORKING POC · platform: php · type: webapps · language: php
https://www.exploit-db.com/exploits/3725

Classification
Working PoC (confidence 100%)
Attack type: RCE
Complexity: trivial
Reliability: reliable
Target: Chatness <= 2.5.3
Authentication: none required (the exploit first obtains the admin credentials through the /admin/options.php bypass)
Prerequisites: URL of a vulnerable Chatness installation
Analyzed by devstral-2 on Feb 19, 2026

References (4)

Core References
Bugtraq mailing-list post (third-party advisory, VDB entry)
http://www.securityfocus.com/archive/1/465547/100/0/threaded
Secunia advisory (tagged vendor advisory; third-party advisory)
http://secunia.com/advisories/24873
VUPEN advisory (third-party advisory, VDB entry)
http://www.vupen.com/english/advisories/2007/1386
SecurityReason alert (third-party advisory)
http://securityreason.com/securityalert/2595

Scores

EPSS score: 0.0328 (3.28% estimated probability of exploitation activity in the next 30 days)
EPSS percentile: 87.5%

Details

Status published
Products (1)
stephen_craton/chatness <= 2.5.3
Published Apr 19, 2007
Tracked Since Feb 18, 2026