CVE-2008-2974

MM Chat 1.5 - Path Traversal via currentlang Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2974. PoCs published by CraCkEr.

AI-analyzed exploit summary This is a writeup detailing Local File Include (LFI) and Cross-Site Scripting (XSS) vulnerabilities in MM Chat 1.5. It provides exploit URLs but does not include functional exploit code.

Description

Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the currentlang parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by CraCkEr · textwebappsphp
https://www.exploit-db.com/exploits/5919

This is a writeup detailing Local File Include (LFI) and Cross-Site Scripting (XSS) vulnerabilities in MM Chat 1.5. It provides exploit URLs but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: MM Chat 1.5
No auth needed
Prerequisites: Target application must be accessible · Register Globals must be enabled for LFI
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5919
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29910
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43327

Scores

EPSS 0.0198
EPSS Percentile 77.9%

Details

CWE
CWE-22
Status published
Products (1)
mm_chat/mm_chat 1.5
Published Jul 02, 2008
Tracked Since Feb 18, 2026