PT-2006-1300 · Shanghai Topcmm · Shanghai Topcmm 123 Flash Chat Server
Published: 2006-01-16 · Updated: 2017-07-20 · CVE-2006-0223
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Shanghai TopCMM 123 Flash Chat Server Software version 5.1
Description
A directory traversal vulnerability allows attackers to create or overwrite arbitrary files on the server by using ".." (dot dot) sequences in the username field.
Recommendations
For Shanghai TopCMM 123 Flash Chat Server Software version 5.1, consider restricting the use of the username field to prevent directory traversal attacks until a patch is available.
Fix
Path traversal
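One way to restrict the username field as recommended above, shown as an added example that is not code from the vendor or from this advisory. It assumes the username becomes part of a file name under a per-user data directory; the function names, the `.log` suffix and the 1-32 character allow-list are hypothetical.

```python
import os
import re
import tempfile

# Assumed policy: 1-32 characters from letters, digits, underscore, hyphen.
USERNAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")

def validate_username(username):
    """Return the username if it matches the allow-list, else raise ValueError."""
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        raise ValueError("username outside the allow-list")
    return username

def resolve_inside(base_dir, filename):
    """Resolve filename under base_dir; raise ValueError if it escapes."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("resolved path escapes the data directory")
    return candidate

def user_file_path(base_dir, username, suffix=".log"):
    """Both layers: allow-list first, containment check as defence in depth."""
    return resolve_inside(base_dir, validate_username(username) + suffix)

def check_samples(base_dir, usernames):
    """Map each username to True (accepted) or False (rejected)."""
    results = {}
    for name in usernames:
        try:
            user_file_path(base_dir, name)
            results[name] = True
        except ValueError:
            results[name] = False
    return results

# Constructed sample inputs, not taken from the advisory.
SAMPLES = ["alice", "bob_42", "../admin", "..\\admin", "a/b", "", "x" * 33]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as data_dir:
        for name, ok in check_samples(data_dir, SAMPLES).items():
            print(repr(name), "accepted" if ok else "rejected")
```

The containment check in `resolve_inside` still rejects an escaping path if the allow-list is later loosened or bypassed.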
Weakness Enumeration
Related Identifiers
Affected Products
Shanghai Topcmm 123 Flash Chat Server