[原文]Unspecified vulnerability in DSChat 1.0 allows remote attackers to execute arbitrary PHP code via the Nickname field, which is not sanitized before creating a file in a user directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
DSChat contains a flaw that may allow a malicious user to create a malicious PHP script with arbitrary content. The issue is triggered due to improper sanitization to the "Nickname" field when entering a chat before being used to create a file in the "users" directory. It is possible that the flaw may allow the creation of a malicious PHP script with arbitrary content resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.