CVE-2007-1895

{"id": "CVE-2007-1895", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-04-09T20:19:00.000", "references": [{"url": "http://osvdb.org/34145", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24760", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1261", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/3657", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/34145", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24760", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/1261", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/3657", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier, when used with PHP 5, allows remote attackers to execute arbitrary PHP code via an ftp URL in a my_ms[root] cookie, a different vector than CVE-2007-0491 and CVE-2006-4630."}, {"lang": "es", "value": "Vulnerabilidad de inclusi\u00f3n remota de archivo en PHP en chat.php de Sky GUNNING MySpeach 3.0.7 y anteriores, cuando se usa con PHP 5, permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante un URL de tipo ftp en la cookie my_ms[root], un vector distinto de CVE-2007-0491 y CVE-2006-4630."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sky_gunning:myspeach:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20FC35AB-D1BA-463B-A7F0-9FD42F05F982", "versionEndIncluding": "3.0.7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}