Alias(es)FlashChat.Multiple.Remote.File.Include |
Release DateJan 29, 2007 |
Severityhigh |
ImpactGain Access |
DescriptionFlashChat has a multiple remote file-include vulnerability. A remote attacker could execute arbitrary code on the Web server by sending a specially crafted URL request to the aedating4CMS.php, aedatingCMS2.php, or aedatingCMS.php script, using the dir[inc] parameter to specify a malicious file from a remote system. |
Affected ProductsFlashChat versions prior to 4.6.2 |
Recommended ActionsUpdate the software to last versionhttp://www.tufat.com/download.php |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2006-4583 |
Reference/shttp://www.securityfocus.com/bid/19826 (BugTraq) |
