| ID | 13941 |
| Created | Jan 29, 2007 |
| Updated | Nov 15, 2021 |
| Severity |
|
| CVE ID | CVE-2006-4583 |
| EPSS | 24.03% |
| Coverage |
IPS (Regular DB)
IPS (Extended DB)
|
| Default Action | drop |
| Active |
|
| Affected OS | Windows, Linux, BSD, Solaris, MacOS |
| Affected App | PHP_app |
Legend
| Active/Available |
|
| InActive/Not Available |
|
Refine Search
Threat Encyclopedia
FlashChat.Multiple.Remote.File.Inclusion
Description
FlashChat has a multiple remote file-include vulnerability. A remote attacker could execute arbitrary code on the Web server by sending a specially crafted URL request to the aedating4CMS.php, aedatingCMS2.php, or aedatingCMS.php script, using the dir[inc] parameter to specify a malicious file from a remote system.
Affected Products
FlashChat versions prior to 4.6.2
Impact
Gain Access
Recommended Actions
Update the software to last version
