Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are obtained solely from...
6.4AI Score
0.004EPSS
phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by...
8.2CVSS
8.3AI Score
0.002EPSS
phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is...
6.1CVSS
6.1AI Score
0.007EPSS
Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter to (1) avatar.php, (2) colorhelp_popup.php, (3) color_popup.php, (4) index.php, (5) index1.php, (6)...
6.8AI Score
0.004EPSS