CVE-2007-6296 — MEDIUM (5.0)

Vulnerability Description

PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Phpmychat	Phpmychat	0.14.5

Related Weaknesses (CWE)

CWE-94

References

http://securityreason.com/securityalert/3426
http://www.securityfocus.com/archive/1/484575/100/0/threaded
http://securityreason.com/securityalert/3426
http://www.securityfocus.com/archive/1/484575/100/0/threaded

FAQ

What is CVE-2007-6296?

CVE-2007-6296 is a vulnerability with a CVSS score of 5.0 (MEDIUM). PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter.

How severe is CVE-2007-6296?

CVE-2007-6296 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-6296?

Check the references section above for vendor advisories and patch information. Affected products include: Phpmychat Phpmychat.