Ciprianmp Phpmychat-Plus vulnerabilities
3 known vulnerabilities affecting ciprianmp/phpmychat-plus.
Total CVEs
3
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2019-19908P3MEDIUMCVSS 6.1PoCv1.982019-12-20
CVE-2019-19908 [MEDIUM] CWE-79 CVE-2019-19908: phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset
phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
nvd
CVE-2020-37151P3HIGHCVSS 7.5v1.982026-02-05
CVE-2020-37151 [HIGH] CWE-89 CVE-2020-37151: phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_u
phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database information by crafting malicious payloads in the userna
nvd
CVE-2020-9265P3HIGHCVSS 8.2v1.982020-02-18
CVE-2020-9265 [HIGH] CWE-89 CVE-2020-9265: phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User fun
phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username.
nvd