CVE-2007-2148

Name of the Vulnerable Software and Affected Versions Chatness versions 2.5.3 and earlier

Description A direct static code injection issue allows remote authenticated administrators to inject PHP code into .html files via the html parameter. This can be demonstrated by injecting code into files such as head.html and foot.html, which are then included and executed when index.php is requested directly.

Recommendations For Chatness versions 2.5.3 and earlier, as a temporary workaround, consider restricting access to the admin/save.php file and the html parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.