VYPR

Phpmychat

by Phpmychat

CVEs (6)

  • CVE-2007-6297Dec 10, 2007
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to…

  • CVE-2004-2716Dec 31, 2004
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters.

  • CVE-2004-2715Dec 31, 2004
    risk 0.03cvss epss 0.05

    edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.

  • CVE-2004-2718Dec 31, 2004
    risk 0.03cvss epss 0.02

    PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.

  • CVE-2007-6296Dec 10, 2007
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter.

  • CVE-2007-2477May 3, 2007
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the {ChatPath} parameter. NOTE: this has been disputed by multiple third parties and CVE because $ChatPath is set to a constant value