Vulnerabilities > CVE-2007-1895 - Remote Security vulnerability in Myspeach

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
sky-gunning
exploit available

Summary

PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630.

Vulnerable Configurations

Part Description Count
Application
Sky_Gunning
1

Exploit-Db

descriptionMySpeach <= 3.0.7 Remote/Local File Inclusion Vulnerability. CVE-2007-1895,CVE-2007-1896. Webapps exploit for php platform
fileexploits/php/webapps/3657.txt
idEDB-ID:3657
last seen2016-01-31
modified2007-04-03
platformphp
port
published2007-04-03
reporterXst3nZ
sourcehttps://www.exploit-db.com/download/3657/
titleMySpeach <= 3.0.7 - Remote/Local File Inclusion Vulnerability
typewebapps