VYPR

Phpmychat Plus

by Phpmychat

CVEs (5)

  • CVE-2020-9265HigFeb 18, 2020
    risk 0.53cvss 8.2epss 0.01

    phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username.

  • CVE-2019-19908MedDec 20, 2019
    risk 0.41cvss 6.1epss 0.21

    phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.

  • CVE-2020-37151Feb 5, 2026
    risk 0.00cvss epss 0.00

    phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract…

  • CVE-2006-7001Feb 12, 2007
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are…

  • CVE-2006-5897Nov 15, 2006
    risk 0.00cvss epss 0.02

    Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter to (1) avatar.php, (2) colorhelp_popup.php, (3) color_popup.php, (4) index.php, (5) index1.php, (6)…