CyberSec.Space Logo
Back to CVE Browser

CVE-2008-1171

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1680%
EPSS Percentile32.37th
PublishedMar 5, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) 123flashchat.php and (2) phpbb_login_chat.php. NOTE: CVE disputes this issue because $phpbb_root_path is explicitly set to "./" in both programs

Affected Platforms (CPE)

πŸ“¦
Phpbb

123 Flash Chat Module

All versions

References & Advisories

πŸ”— http://securityreason.com/securityalert/3716
πŸ”— http://www.attrition.org/pipermail/vim/2008-March/001913.html
πŸ”— http://www.securityfocus.com/archive/1/488914/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/488922/100/0/threaded
πŸ”— http://securityreason.com/securityalert/3716
πŸ”— http://www.attrition.org/pipermail/vim/2008-March/001913.html
πŸ”— http://www.securityfocus.com/archive/1/488914/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/488922/100/0/threaded

Related Vulnerabilities

CVE-2008-198910.0

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is ...

CVE-2008-034310.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 has u...

CVE-2008-073510.0

SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL c...

CVE-2008-034410.0

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.3 has unknown impact and remote a...