Description
PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630.
Exploits (1)
References (4)
Core 4
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/3657
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/24760
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1261
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/34145
Scores
EPSS
0.0515
EPSS Percentile
89.9%
Details
Status
published
Products (1)
sky_gunning/myspeach
< 3.0.7
Published
Apr 09, 2007
Tracked Since
Feb 18, 2026