CVE-2007-2147

Name of the Vulnerable Software and Affected Versions Chatness versions 2.5.3 and earlier

Description The issue allows remote attackers to read and modify configuration files without proper administrative credentials. This is due to a lack of credential checks in the admin/options.php file. Attackers can exploit this by making direct requests to access and alter the classes/vars.php and classes/varstuff.php configuration files.

Recommendations For Chatness versions 2.5.3 and earlier, consider restricting access to the admin/options.php file and ensure that all requests to this file are properly authenticated to prevent unauthorized modifications to the configuration files.