PT-2007-1945 · Weechat · Wechat
V1Per-Hacker
·
Published
2007-01-25
·
Updated
2018-10-16
·
CVE-2007-0485
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
WebChat version 0.77
Description
A remote file inclusion issue in the defines.php file of WebChat allows remote attackers to execute arbitrary PHP code by providing a URL in the
WEBCHATPATH parameter.Recommendations
For WebChat version 0.77, avoid using the
WEBCHATPATH parameter in the affected API endpoint until the issue is resolved. Restrict access to the defines.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Wechat