Vulners
Lucene search
123 Flash Chat 5.0 - Remote Code Injection Weakness
source: http://www.securityfocus.com/bid/16360/info
123 Flash Chat is prone to an arbitrary code injection weakness.
An attacker can influence the value of a variable that is insecurely passed to an 'eval()' call.
Successful exploitation may allow attackers to take complete control of the application and potentially carry out other attacks against the vulnerable server hosting the client, including remote unauthorized access.
Exploitation of this vulnerability likely depends on the existence of other content injection issues in the site hosting the application. An attacker would exploit other input validation vulnerabilities such as HTML injection or cross-site scripting to supply the malicious value for a variable.
123 Flash Chat 5.1 and prior versions are affected by this issue.
The following string may be supplied as a username to gain administrative privileges:
x;user.name= a;user.name=ADMIN_AVATAR_NAME;
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1