CVE-2005-0862

Name of the Vulnerable Software and Affected Versions PHPOpenChat versions 3.0.1 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved via several parameters to different PHP files, including the phpbb root path parameter to files such as 'poc loginform.php' or 'phpbb/poc.php', the poc root path parameter to files like 'phpbb/poc.php', 'phpnuke/ENGLISH poc.php', 'phpnuke/poc.php', or 'yabbse/poc.php', and the sourcedir parameter to 'yabbse/poc.php'.

Recommendations For PHPOpenChat versions 3.0.1 and earlier, consider disabling the phpbb root path, poc root path, and sourcedir parameters in the affected PHP files until a patch is available. Restrict access to the vulnerable PHP files, such as 'poc loginform.php', 'phpbb/poc.php', 'phpnuke/ENGLISH poc.php', 'phpnuke/poc.php', and 'yabbse/poc.php', to minimize the risk of exploitation.