VYPR
Unrated severityNVD Advisory· Published Feb 5, 2026· Updated Feb 5, 2026

phpMyChat Plus 1.98 'deluser.php' SQL Injection

CVE-2020-37151

Description

phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database information by crafting malicious payloads in the username field.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.