CVE-2008-1989

Description

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.

Affected products

• 123flashchat / 123_flash_chat_module6.8.0 – 6.8.0
• e107 / e107

References

• MISChttp://www.securityfocus.com/bid/28828
• EXPLOIThttps://www.exploit-db.com/exploits/5459
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/41867
• VENDOR_ADVISORYhttp://secunia.com/advisories/29870