7 matches found
CVE-2026-57206
CVE-2026-57206 affects SimpleChat prior to version 0.241.206, where multiple plugin validation endpoints in application/single_app/plugin_validation_endpoint.py—specifically POST /api/admin/plugins/test-instantiation, GET /api/admin/plugins/health-check/, POST /api/admin/plugins/repair/, and POST...
CVE-2026-57205
CVE-2026-57205 affects SimpleChat prior to version 0.241.203. An authenticated low-privilege user could exploit IDOR on two endpoints (GET /api/user/info/ and GET /api/user/profile-image/) by supplying a caller-controlled user_id to read another user’s email address, display name, and profile ima...
EUVD-2006-5821
Malware in sbrugna...
CVE-2006-5837
CVE-2006-5837 describes a static code injection in the SimpleChat 1.0.0 module for iWare Professional CMS. The vulnerability resides in chat_panel.php, allowing remote attackers to inject arbitrary PHP code into chat_log.php via the msg parameter. The CVSSv2 vector is AV:N/AC:L/Au:N/C:P/I:P/A:P w...
CVE-2006-5837
Static code injection vulnerability in chatpanel.php in the SimpleChat 1.0.0 module for iWare Professional CMS allows remote attackers to inject arbitrary PHP code into chatlog.php via the msg parameter...
SimpleChat Information Disclosure
It is possible to retrieve list of users currently connected to the remote SimpleChat server by requesting the file 'data/usr'. An attacker may use this flaw to obtain the IP address of every user currently connected. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: Date: 20 Mar 2003...
SimpleChat
Product : SimpleChat! Version : 1.3 WebSite : http://hot-things.net Problem : Private info viewing Description: ------------ In a directory /data/ the file containing the information on users of a chat lays taking place in a chat at present, to which any interested person can receive access. The...