PT-2007-3241 · Sky Gunning · Myspeach

Xst3Nz

Published

2007-04-09

Updated

2017-10-11

CVE-2007-1895

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1895

Affected Products

Myspeach

PT-2007-3241 · Sky Gunning · Myspeach

CVE-2007-1895

Related Identifiers

Affected Products

References · 5