{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T15:36:18.121","vulnerabilities":[{"cve":{"id":"CVE-2007-1394","sourceIdentifier":"cve@mitre.org","published":"2007-03-10T22:19:00.000","lastModified":"2026-04-23T00:35:47.467","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php.  NOTE: some of these details are obtained from third party information."},{"lang":"es","value":"Vulnerabilidad de inyección directa de código estático en startsession.php en Flat Chat 2.0 permite a atacantes remotos ejecutar código PHP de su elección a través del campo Chat Name, el cual es insertado dentro de online.txt e incluido por los usuarios. NOTA: algunos de estos detalles se obtuvieron de una tercera fuente de información."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flat_chat:flat_chat:2.0:*:*:*:*:*:*:*","matchCriteriaId":"83A6083D-094D-4AB0-8F0C-85BAF1760BAC"}]}]}],"references":[{"url":"http://osvdb.org/33890","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/24433","source":"cve@mitre.org","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/22865","source":"cve@mitre.org","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.vupen.com/english/advisories/2007/0871","source":"cve@mitre.org"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/32882","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/3428","source":"cve@mitre.org"},{"url":"http://osvdb.org/33890","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/24433","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/22865","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"http://www.vupen.com/english/advisories/2007/0871","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/32882","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/3428","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}