Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2006-04-21 10:02
Updated : 2024-02-04 16:52
NVD link : CVE-2006-1963
Mitre link : CVE-2006-1963
CVE.ORG link : CVE-2006-1963
JSON object : View
Products Affected
pcpin
- pcpin_chat
CWE