CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
80.1%
Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a … (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie.
Vendor | Product | Version | CPE |
---|---|---|---|
sky_gunning | myspeach | 2.1_beta | cpe:2.3:a:sky_gunning:myspeach:2.1_beta:*:*:*:*:*:*:* |
sky_gunning | myspeach | 3.0.2 | cpe:2.3:a:sky_gunning:myspeach:3.0.2:*:*:*:*:*:*:* |
sky_gunning | myspeach | 3.0.6 | cpe:2.3:a:sky_gunning:myspeach:3.0.6:*:*:*:*:*:*:* |
sky_gunning | myspeach | 3.0.7 | cpe:2.3:a:sky_gunning:myspeach:3.0.7:*:*:*:*:*:*:* |