Description

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.

Remediation

References

CVE-2008-1989

Related Vulnerabilities

WebLogic Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2020-5258)

MySQL CVE-2013-3793 Vulnerability (CVE-2013-3793)

WordPress Plugin BSDev.at-Importer:Serendipity Cross-Site Scripting (0.0.1)

Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2018-1000861)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-9705)

Severity

Critical

Classification

CVE-2008-1989 CWE-94

Tags

Missing Update Known Vulnerabilities