admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier does not check for administrative credentials, which allows remote attackers to read and modify the classes/vars.php and classes/varstuff.php configuration files via direct requests.
Vulnerable Product |
---|
stephen craton chatness |