VYPR
Unrated severityNVD Advisory· Published Apr 21, 2006· Updated Jun 16, 2026

CVE-2006-1963

CVE-2006-1963

Description

Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

12
  • Pcpin/Chat12 versions
    cpe:2.3:a:pcpin:pcpin_chat:3.1.5:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:a:pcpin:pcpin_chat:3.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:pcpin:pcpin_chat:3.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:pcpin:pcpin_chat:3.1.7r:*:*:*:*:*:*:*
    • cpe:2.3:a:pcpin:pcpin_chat:3.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pcpin:pcpin_chat:3.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pcpin:pcpin_chat:3.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:pcpin:pcpin_chat:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:pcpin:pcpin_chat:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:pcpin:pcpin_chat:5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:pcpin:pcpin_chat:5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:pcpin:pcpin_chat:5.0.4:*:*:*:*:*:*:*
    • (no CPE)range: <=5.0.4

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.