CVE-2006-0223
Shanghai TopCMM 123 Flash Chat Server Software 5.1 - Path Traversal and Arbitrary File Write via Username Field
Title source: llmDescription
Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the username field.
References (6)
Core 6
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18455
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16235
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0198
Patch x_refsource_misc
http://www.123flashchat.com/flash-chat-server-v512.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/22440
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24137
Scores
EPSS
0.0162
EPSS Percentile
73.2%
Details
CWE
CWE-22
Status
published
Products (2)
topcmm_computing/123_flash_chat_server
5.0
topcmm_computing/123_flash_chat_server
5.1
Published
Jan 16, 2006
Tracked Since
Feb 18, 2026