PHP Heaven PHPMyChat vulnerabilities
5 known vulnerabilities affecting php_heaven/phpmychat.
Total CVEs: 5
CISA KEV: 0
Public exploits: 5
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 2, LOW 1
Vulnerabilities
CVE-2004-2715 | P3 | HIGH | CVSS 7.5 | PoC | v0.14.5 | 2004-12-31 | CWE-287
edituser.php3 in PHPMyChat 0.14.5 allows remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.
nvd
CVE-2004-2716 | P3 | HIGH | CVSS 7.5 | PoC | v0.14.5 | 2004-12-31 | CWE-89
Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck, and (6) R parameters.
nvd
CVE-2004-2717 | P4 | LOW | CVSS 2.6 | PoC | v0.14.5 | 2004-12-31 | CWE-22
Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters.
nvd
CVE-2004-2718 | P4 | MEDIUM | CVSS 4.3 | PoC | v0.14.5 | 2004-12-31 | CWE-264
PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.
nvd
CVE-2007-6297 | P4 | MEDIUM | CVSS 4.3 | PoC | v0.14.5 | 2007-12-10
Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css
nvd