CNNVD-202507-3904 Information
CNNVD ID
CNNVD-202507-3904
Related CVE
- CNNVD Published: 2025-07-31
Description (Chinese)
TUFaT FlashChat是TUFaT公司的一个在线聊天系统脚本。 TUFaT FlashChat 6.0.2版本和6.0.4至6.0.8版本存在安全漏洞,该漏洞源于upload.php端点未验证文件类型和身份验证,可能导致任意文件上传和远程代码执行。
Description (English)
TUFat FlashChat is an online chat system script for TUFT. There is a security loophole in TUFat FlashChat versions 6.0.2 and 6.0.4 to 6.0.8, which originates from the unverified file type and authentication of the superad.php endpoint, which may lead to any upload and remote code execution.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
Turris
Published
2025-07-31
Last Modified
2026-02-24
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/flashchat_upload_exec.rb https://www.exploit-db.com/exploits/28709 https://www.fortiguard.com/encyclopedia/ips/37342/flashchat-arbitrary-file-upload https://www.phpbb.com/community/viewtopic.php?t=2627786 https://www.vulncheck.com/advisories/flashchat-arbitrary-file-upload-rce
Share on: