CVE-2006-0223

high

Description

Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the username field.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/24137

http://www.vupen.com/english/advisories/2006/0198

http://www.securityfocus.com/bid/16235

http://www.osvdb.org/22440

http://www.123flashchat.com/flash-chat-server-v512.html

http://secunia.com/advisories/18455

Details

Source: Mitre, NVD

Published: 2006-01-16

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.00872

Detections

Analytics