Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
e107 Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2008-1989 - Vulnerability Database
e107

e107 Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2008-1989

Critical
Reference: CVE-2008-1989
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2008-1989
Title: e107 Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107 when register_globals is enabled allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.