Vulnerabilities > CVE-2007-1896 - Directory Traversal vulnerability in Myspeach

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
sky-gunning
exploit available
NVD
Published: 2007-04-09
Updated: 2017-10-11

Summary

Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie.

Vulnerable Configurations

Part Description Count
Application
Sky_Gunning
4

Exploit-Db

descriptionMySpeach <= 3.0.7 Remote/Local File Inclusion Vulnerability. CVE-2007-1895,CVE-2007-1896. Webapps exploit for php platform
fileexploits/php/webapps/3657.txt
idEDB-ID:3657
last seen2016-01-31
modified2007-04-03
platformphp
port
published2007-04-03
reporterXst3nZ
sourcehttps://www.exploit-db.com/download/3657/
titleMySpeach <= 3.0.7 - Remote/Local File Inclusion Vulnerability
typewebapps

References