vendor:
Flat Chat Portal
by:
Dj7xpl
7.5
CVSS
HIGH
Remote Code Execution
CWE
Product Name: Flat Chat Portal
Affected Version From: 2
Affected Version To: 2
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Flat Chat Portal Remote Code Execution
The Flat Chat Portal version 2.0 is vulnerable to remote code execution. An attacker can exploit this vulnerability by inserting a malicious script in the chat name parameter. By executing commands through the 'cmd' parameter in the users.php page, the attacker can execute arbitrary code on the system.
Mitigation:
Upgrade to a patched version of the Flat Chat Portal or apply necessary security measures to prevent remote code execution.