vendor:
by:
Gammarays
N/A
CVSS
HIGH
Authentication Bypass, Arbitrary Code Execution
CWE
Product Name:
Affected Version From: Chatness <= 2.5.3
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Chatness Admin Authentication Bypass and Arbitrary Code Execution
Chatness <= 2.5.3 is affected by two vulnerabilities. The first vulnerability is an authentication bypass in /admin/options.php, where the script fails to verify if the user is an administrator and displays the administrator's username and password in plain text. The second vulnerability is an arbitrary code execution in /admin/save.php and /index.php, where an attacker can overwrite foot.html or head.html with arbitrary PHP code that will be executed when included by index.php.
Mitigation:
Until a patch is available, it is recommended to chmod both foot.html and head.html to a mode that makes them unwritable by the web server to minimize the risk of arbitrary code execution.