|
|
CVE Reference: CVE-2007-2149 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-2149 |
|
|
Description: Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for these files, which allows local users to gain privileges by reading the files, and allows remote attackers to obtain credentials via a direct request for admin/options.php. |
|
|
CVE Status: Candidate |
|
|
References: SREASON http://securityreason.com/securityalert/2595 SAID Secunia Advisory: SA24873 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/465547/100/0/threaded |
|
| Return to the previous page. |
