N/A

Multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) 123flashchat.php and (2) phpbb_login_chat.php. NOTE: CVE disputes this issue because $phpbb_root_path is explicitly set to "./" in both programs

N/A

N/A

phpbb 123 Flash Chat 多个PHP远程文件包含漏洞

** 有争议的 ** phpBB的123 Flash Chat模块中的多个PHP远程文件包含漏洞，允许远程攻击者借助一个URL，执行任意的PHP代码。该URL存在于(1)123flashchat.php和(2)phpbb_login_chat.php的phpbb_root_path参数中。注意：CVE对此漏洞存有争议，因为$phpbb_root_path在两个程序中都已经很明确地发送到"./"了。

N/A

N/A