CVE-2007-1895

MySpeach < 3.0.7 - Remote File Inclusion via my_ms[root] Cookie

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1895. PoCs published by Xst3nZ.

AI-analyzed exploit summary: This is a detailed advisory describing Remote and Local File Inclusion vulnerabilities in MySpeach <= 3.0.7, including conditions for exploitation and proof-of-concept steps. It does not contain executable exploit code but provides technical analysis and PoC instructions.

Description

PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Xst3nZ · text · webapps · php
https://www.exploit-db.com/exploits/3657

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Theoretical
Target: MySpeach <= 3.0.7
No auth needed
Prerequisites: PHP >= 5.0.0 · register_globals = On · allow_url_fopen = On (for RFI)
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3657
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24760
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1261
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/34145

Scores

EPSS 0.0232
EPSS Percentile 81.3%

Details

Status published
Products (1)
sky_gunning/myspeach < 3.0.7
Published Apr 09, 2007
Tracked Since Feb 18, 2026