FlashChat has a multiple remote file-include vulnerability. A remote attacker could execute arbitrary code on the Web server by sending a specially crafted URL request to the aedating4CMS.php, aedatingCMS2.php, or aedatingCMS.php script, using the dir[inc] parameter to specify a malicious file from a remote system.

affected-products-logoAffected Products

FlashChat versions prior to 4.6.2

Impact logoImpact

Gain Access

recomended-action-logoRecommended Actions

Update the software to last version

Telemetry logoTelemetry


IPS (Regular DB)
IPS (Extended DB)