PT-2006-5370 · Flashchat · Flashchat
Nextman
·
Published
2006-09-06
·
Updated
2018-10-17
·
CVE-2006-4583
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
FlashChat versions prior to 4.6.2
Description
The issue allows remote attackers to execute arbitrary PHP code via a URL in the
dir[inc] parameter in certain PHP files, including inc/cmses/aedatingCMS.php, inc/cmses/aedatingCMS2.php, and inc/cmses/aedating4CMS.php.Recommendations
For versions prior to 4.6.2, update to version 4.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the
dir[inc] parameter in the affected PHP files until a patch is applied.Exploit
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Flashchat