VYPR
Vendor

Phpmychat

Products
2
CVEs
11
Across products
11
Status
Private

Products

2

Recent CVEs

11
  • CVE-2019-19908Dec 20, 2019
    risk 0.03cvss epss 0.21

    phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.

  • CVE-2007-6297Dec 10, 2007
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to…

  • CVE-2004-2718Dec 31, 2004
    risk 0.03cvss epss 0.02

    PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.

  • CVE-2004-2716Dec 31, 2004
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters.

  • CVE-2004-2715Dec 31, 2004
    risk 0.03cvss epss 0.05

    edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.

  • CVE-2020-37151Feb 5, 2026
    risk 0.00cvss epss 0.00

    phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract…

  • CVE-2020-9265Feb 18, 2020
    risk 0.00cvss epss 0.01

    phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username.

  • CVE-2007-6296Dec 10, 2007
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in users_popupL.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the From parameter.

  • CVE-2007-2477May 3, 2007
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the {ChatPath} parameter. NOTE: this has been disputed by multiple third parties and CVE because $ChatPath is set to a constant value

  • CVE-2006-7001Feb 12, 2007
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are…

  • CVE-2006-5897Nov 15, 2006
    risk 0.00cvss epss 0.02

    Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter to (1) avatar.php, (2) colorhelp_popup.php, (3) color_popup.php, (4) index.php, (5) index1.php, (6)…