CVE-2008-2974

Name of the Vulnerable Software and Affected Versions MM Chat version 1.5

Description A directory traversal issue exists in chatconfig.php, allowing remote attackers to include and execute arbitrary local files when register globals is enabled. This is achieved by using directory traversal sequences in the currentlang parameter of the affected API endpoint.

Recommendations For MM Chat version 1.5, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the chatconfig.php file to minimize the risk of arbitrary file inclusion. Avoid using the currentlang parameter in the affected endpoint until the issue is resolved.