Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach 3.0.7 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) and trailing %00 (NULL) in a my_ms[root] cookie.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Myspeach | Sky_gunning | 3.0.2 | 3.0.2 |
Myspeach | Sky_gunning | 2.1_beta | 2.1_beta |
Myspeach | Sky_gunning | 3.0.7 | 3.0.7 |
Myspeach | Sky_gunning | 3.0.6 | 3.0.6 |