CVE-2007-0498
published 2007-01-25CVE-2007-0498: PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in…
PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.15%
79.8th percentile
PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| myspeach | myspeach | — | — |
| sky_gunning | myspeach | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j5jq-8mmg-cqjp: PHP remote file inclusion vulnerability in chat
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-2095 [HIGH] GHSA-j5jq-8mmg-cqjp: PHP remote file inclusion vulnerability in chat
PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter, a different vector than CVE-2007-0498.
GHSA
GHSA-r325-vhxh-h9mg: PHP remote file inclusion vulnerability in up
ghsa_unreviewed·2022-05-01
CVE-2007-0498 [HIGH] GHSA-r325-vhxh-h9mg: PHP remote file inclusion vulnerability in up
PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter.
No detection rules found.
No writeups or analysis indexed.
2007-01-25
Published