cbcvebase.

Php Heaven Phpmychat vulnerabilities

5 known vulnerabilities affecting php_heaven/phpmychat.

Total CVEs
5
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM2LOW1

Vulnerabilities

Page 1 of 1
CVE-2004-2715P3HIGHCVSS 7.5PoCv0.14.52004-12-31
CVE-2004-2715 [HIGH] CWE-287 CVE-2004-2715: edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administr edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.
nvd
CVE-2004-2716P3HIGHCVSS 7.5PoCv0.14.52004-12-31
CVE-2004-2716 [HIGH] CWE-89 CVE-2004-2716: Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters.
nvd
CVE-2004-2717P4LOWCVSS 2.6PoCv0.14.52004-12-31
CVE-2004-2717 [LOW] CWE-22 CVE-2004-2717: Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attacker Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters.
nvd
CVE-2004-2718P4MEDIUMCVSS 4.3PoCv0.14.52004-12-31
CVE-2004-2718 [MEDIUM] CWE-264 CVE-2004-2718: PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.
nvd
CVE-2007-6297P4MEDIUMCVSS 4.3PoCv0.14.52007-12-10
CVE-2007-6297 [MEDIUM] CVE-2007-6297: Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to in Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css
nvd
Php Heaven Phpmychat vulnerabilities | cvebase