Intrusion Prevention

Voodoo.Chat.File.Path.Parameter.Remote.File.Inclusion

Description

A PHP remote file inclusion vulnerability in index.php in Vlad Vostrykh Voodoo chat 1.0RC1b and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter.

Affected Products

Voc-Project Voodoo Chat 1.0RC1b

Impact

Execute arbitrary PHP code via a URL.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://vochat.com/.

CVE References

CVE-2006-3991