2 matches found
Remote file inclusion
PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a mymsroot cookie, a different vector than CVE-2007-0491 and CVE-2006-4630...
CVE-2006-4630
CVE-2006-4630 describes a PHP remote file inclusion in jscript.php for Sky GUNNING MySpeach 3.0.2 and earlier. When register_globals is enabled, an attacker can cause arbitrary PHP code execution via a URL in the my_ms[root] parameter. Affected versions are 3.0.2 and earlier; impact is remote cod...