CVE-2007-2149

Chatness <2.5.3 - Privilege Escalation

Title source: llm

Description

Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attackers to obtain credentials via a direct request for admin/options.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gammarays · phpwebappsphp

https://www.exploit-db.com/exploits/3725

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/24873

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/465547/100/0/threaded

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1386

[Third Party Advisory] http://securityreason.com/securityalert/2595

Scores

EPSS 0.0129

EPSS Percentile 79.8%

Details

Status published

Products (1)

stephen_craton/chatness < 2.5.3

Published Apr 19, 2007

Tracked Since Feb 18, 2026