et-chat Privilege Escalation and Arbitrary Shell Upload Vulnerabilities - exploit.company
vendor: et-chat
by:
CVSS: 7.5 HIGH
Privilege Escalation, Arbitrary Shell Upload
CWE:
Product Name: et-chat
Affected Version From: 03.07
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:et-chat_project:et-chat:3.07
Metasploit:
Other Scripts:
Platforms Tested: Unknown

et-chat Privilege Escalation and Arbitrary Shell Upload Vulnerabilities

An attacker can exploit these vulnerabilities in et-chat 3.07 and potentially other versions to gain elevated privileges within the application and upload arbitrary shells. This could lead to arbitrary code execution within the context of the vulnerable application.

Mitigation:

Update to the latest version of et-chat to mitigate these vulnerabilities.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/60660/info

et-chat is prone to a privilege-escalation vulnerability and an arbitrary shell-upload vulnerability.

An attacker can exploit these issues to gain elevated privileges within the application and upload arbitrary shells; this can result in arbitrary code execution within the context of the vulnerable application.

et-chat 3.07 is vulnerable; other versions may also be affected. 

http://www.example.com/chat/?AdminRegUserEdit&admin&id=4
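
A detection sketch for the request shape shown above, added here and not part of the original advisory: it scans web-server access logs for requests whose query string carries both the `AdminRegUserEdit` and `admin` keys. The combined log format, the function name and the sample lines are assumptions constructed for illustration; hits still need to be correlated with known administrator sessions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined/common log format prefix: ip, timestamp, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Query keys taken from the request shown in the advisory (compared lower-cased).
REQUIRED_KEYS = {"adminreguseredit", "admin"}

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2013:12:00:01 +0000] "GET /chat/?AdminRegUserEdit&admin&id=4 HTTP/1.1" 200 512 "-" "curl/7.30"
198.51.100.2 - - [10/Jun/2013:12:00:05 +0000] "GET /chat/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2013:12:00:09 +0000] "POST /chat/?%41dminRegUserEdit&admin&id=1 HTTP/1.1" 302 0 "-" "curl/7.30"
198.51.100.9 - - [10/Jun/2013:12:01:00 +0000] "GET /chat/?q=AdminRegUserEdit HTTP/1.1" 200 100 "-" "Mozilla/5.0"
"""


def find_admin_user_edit_requests(log_text):
    """Return one dict per log line whose query string carries both keys."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        ip, when, method, target, status = m.groups()
        # keep_blank_values keeps value-less keys such as "AdminRegUserEdit";
        # parse_qs also percent-decodes key names, so %41dmin... still matches.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        keys = {k.lower() for k in params}
        if REQUIRED_KEYS <= keys:
            # The targeted account id, if the request named one.
            user_id = next(
                (v[0] for k, v in params.items() if k.lower() == "id"), None
            )
            hits.append({"ip": ip, "time": when, "method": method,
                         "user_id": user_id, "status": int(status)})
    return hits


if __name__ == "__main__":
    for hit in find_admin_user_edit_requests(SAMPLE_LOG):
        print(hit)
```
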