CVE-2006-4677

Name of the Vulnerable Software and Affected Versions phpopenchat versions prior to 3.0.2

Description The issue allows remote attackers to execute arbitrary PHP code via the sourcedir parameter in the contrib/yabbse/poc.php file. A dispute regarding this issue was raised by a third-party researcher, who claimed that the REQUEST parameters were dynamically unset at the beginning of the file. However, it was noted that the unset PHP function can be bypassed.

Recommendations For versions prior to 3.0.2, update to version 3.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the sourcedir parameter in the affected file to minimize the risk of exploitation.