CVE-2008-2074

Name of the Vulnerable Software and Affected Versions Harris Wap Chat version 1.0

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to various PHP files, including "eng.writeMsg.php", "eng.adCreate.php", "eng.adCreateSave.php", "eng.adDispByTypeOptions.php", "eng.createRoom.php", "eng.forward.php", "eng.pageLogout.php", "eng.resultMember.php", "eng.roomDeleteConfirm.php", "eng.saveNewRoom.php", and "eng.searchMember.php" in the src/ directory. This can occur when register globals is enabled.

Recommendations For Harris Wap Chat version 1.0, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the vulnerable PHP files in the src/ directory until a patch is available. Avoid using the sysFileDir parameter in the affected API endpoints until the issue is resolved.