PT-2007-2995 · Mpm · Mm Chat

Gold_M

Published

2007-03-23

Updated

2017-10-19

CVE-2007-1613

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions MPM Chat version 2.5

Description A directory traversal issue exists, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the logi parameter of the view.php file.

Recommendations For MPM Chat version 2.5, consider restricting access to the view.php file until a patch is available. As a temporary workaround, avoid using the logi parameter in the view.php file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1613

Affected Products

Mm Chat

PT-2007-2995 · Mpm · Mm Chat

CVE-2007-1613

Related Identifiers

Affected Products

References · 6