CVE

Id
36619  
CVE No.
CVE-2008-6502  
Status
Candidate  
Description
Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. (dot dot) in the avatar parameter, and cause other users to execute this script by using sendData.php to send a message to (1) an individual user or (2) a room, leading to cross-site request forgery (CSRF), cross-site scripting (XSS), or other impacts.  
Phase
Assigned (20090320)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
399460 36619 CVE-2008-6502 MILW0RM:7409  View
399461 36619 CVE-2008-6502 URL:http://www.milw0rm.com/exploits/7409  View
399462 36619 CVE-2008-6502 OSVDB:50697  View
399463 36619 CVE-2008-6502 URL:http://osvdb.org/50697  View
399464 36619 CVE-2008-6502 SECUNIA:33088  View
399465 36619 CVE-2008-6502 URL:http://secunia.com/advisories/33088  View
399466 36619 CVE-2008-6502 XF:prochatrooms-senddata-xss(47242)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
40466 JVNDB-2009-001472 phpBB におけるアクセス制限を回避されるおよびアカウントをアクティブにされる脆弱性 phpBB には、アクセス制限を回避されるおよびアクティブでないアカウントをアクティブにされる脆弱性が存在します。 CVE-2008-6506 36619 5 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001472.html  View