CVE-2008-2074 Information

Description

Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0 when register_globals is enabled allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php (2) eng.adCreate.php (3) eng.adCreateSave.php (4) eng.adDispByTypeOptions.php (5) eng.createRoom.php (6) eng.forward.php (7) eng.pageLogout.php (8) eng.resultMember.php (9) eng.roomDeleteConfirm.php (10) eng.saveNewRoom.php and (11) eng.searchMember.php in src/.

Reference

http://secunia.com/advisories/30022 http://www.securityfocus.com/bid/28995 https://exchange.xforce.ibmcloud.com/vulnerabilities/42112 https://www.exploit-db.com/exploits/5525