CVE-2006-5904 Information

Description

Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[MWCHAT_Libs] parameter to (1) about.php (2) buddy.php (3) chat.php (4) dialog.php (5) head.php (6) help.php (7) index.php and (8) license.php different vectors than CVE-2005-1869.

Reference

http://securityreason.com/securityalert/1849 http://www.securityfocus.com/archive/1/450693/100/0/threaded