CVE-2007-1896

2007-04-09T20:19:00
ID CVE-2007-1896
Type cve
Reporter cve@mitre.org
Modified 2017-10-11T01:32:00

Description

Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie.