Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1989

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-1989
Last Modified 05 Sep 2008 05:39:15
Published 27 Apr 2008 05:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1989

Summary

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.

Vulnerable Systems

Application

  • 123flashchat 123 Flash Chat Module 6.8.0

  • E107


References

XF - 123flashchat-e107path-file-include(41867)

BID - 28828

MILW0RM - 5459

SECUNIA - 29870


Last Updated: 27 May 2016 10:47:42