CVE-2008-1989

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1780%

EPSS Percentile38.18th

PublishedApr 27, 2008

Last ModifiedApr 23, 2026

Vulnerability Description

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.

Affected Platforms (CPE)

📦

123flashchat

123 Flash Chat Module

= 6.8.0

📦

E107

All versions

References & Advisories

🔗 http://secunia.com/advisories/29870

🔗 http://www.securityfocus.com/bid/28828

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/41867

🔗 https://www.exploit-db.com/exploits/5459