CVE-2007-1895 - PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when

CVE-2007-1895

Summary

PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630.

References

http://osvdb.org/34145
http://secunia.com/advisories/24760
http://www.vupen.com/english/advisories/2007/1261
https://www.exploit-db.com/exploits/3657

Vulnerable Configurations

cpe:2.3:a:sky_gunning:myspeach:*:*:*:*:*:*:*:*
cpe:2.3:a:sky_gunning:myspeach:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 11-10-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

exploit-db	3657
osvdb	34145
secunia	24760
vupen	ADV-2007-1261

Last major update

11-10-2017 - 01:32

Published

09-04-2007 - 20:19

Last modified

11-10-2017 - 01:32