CyberSec.Space Logo
返回 CVE 浏览器

CVE-2008-1171

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1680%
EPSS Percentile32.37th
Published2008年3月5日
Last Modified2026年4月23日

Vulnerability Description

Multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) 123flashchat.php and (2) phpbb_login_chat.php. NOTE: CVE disputes this issue because $phpbb_root_path is explicitly set to "./" in both programs

Affected Platforms (CPE)

📦
Phpbb

123 Flash Chat Module

All versions

References & Advisories

🔗 http://securityreason.com/securityalert/3716
🔗 http://www.attrition.org/pipermail/vim/2008-March/001913.html
🔗 http://www.securityfocus.com/archive/1/488914/100/0/threaded
🔗 http://www.securityfocus.com/archive/1/488922/100/0/threaded
🔗 http://securityreason.com/securityalert/3716
🔗 http://www.attrition.org/pipermail/vim/2008-March/001913.html
🔗 http://www.securityfocus.com/archive/1/488914/100/0/threaded
🔗 http://www.securityfocus.com/archive/1/488922/100/0/threaded

相关漏洞威胁

CVE-2008-198910.0

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is ...

CVE-2008-073510.0

SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL c...

CVE-2008-292810.0

Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote att...

CVE-2008-501710.0

Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, ...