CVE-2008-1989

Published: Apr 27, 2008Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.

Affected (2)

Products: 123flashchat: 123 Flash Chat Module · E107: E107

123flashchat

1 product

123 Flash Chat Module

E107

1 product

E107

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
123flashchat 123 Flash Chat Module	Version 6.8.0
E107 E107	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (8)

http://secunia.com/advisories/29870

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/28828

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/41867

Source: cve@mitre.org

https://www.exploit-db.com/exploits/5459

Source: cve@mitre.org

http://secunia.com/advisories/29870

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/28828

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/41867

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/5459

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.