CVE-2006-4583

Name of the Vulnerable Software and Affected Versions FlashChat versions prior to 4.6.2

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in certain PHP files, including inc/cmses/aedatingCMS.php, inc/cmses/aedatingCMS2.php, and inc/cmses/aedating4CMS.php.

Recommendations For versions prior to 4.6.2, update to version 4.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the dir[inc] parameter in the affected PHP files until a patch is applied.