CVE-2004-2717

Technical details for CVE-2004-2717 are not publicly available in the provided documents; monitor for updates from Vulners and related advisories.

CVE-2004-2718

PHPMyChat 0.14.5 is affected by CVE-2004-2718: an issue where setup.php3 is not removed or protected after installation, allowing direct requests to reveal sensitive information such as database passwords. Impact is partial confidentiality loss as described; no exploitation details or active expl...

CVE-2004-2717

Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. dot dot in the 1 sheet and 2 What parameters...

CVE-2004-2715

edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the donotlogin parameter to false...

CVE-2004-2715

CVE-2004-2715 affects PHPMyChat 0.14.5 where edituser.php3 allows remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false. The root cause is a parameter-based authentication bypass in the admin workflow, enabling escalation of pr...

CVE-2004-2716

CVE-2004-2716 describes multiple SQL injection vulnerabilities in PHPMyChat 0.14.5’s usersL.php3, allowing remote attackers to execute arbitrary SQL commands via parameters (sortBy, sortOrder, startReg, U, LastCheck, R). The underlying issue is unsafely constructed SQL queries in that script, ena...

CVE-2004-2718

PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request...

CVE-2007-2477

PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter. NOTE: this has been disputed by multiple third parties and CVE because $ChatPath is set to a constant value...

Remote file inclusion

PHP remote file inclusion vulnerability in phpMyChat.php3 in phpMyChat 0.14.5 allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter. NOTE: this has been disputed by multiple third parties and CVE because $ChatPath is set to a constant value...

PT-2007-3801 · Phpmychat · Phpmychat

Name of the Vulnerable Software and Affected Versions: phpMyChat version 0.14.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter in the phpMyChat.php3 file. However, it has been disputed by multiple third parties because the $ChatPat...

CVE-2007-2477

The CVE-2007-2477 issue affects phpMyChat 0.14.5, specifically the phpMyChat.php3 file where a URL provided in the {ChatPath} parameter can lead to remote code execution (PHP RFI). The root cause is the use of ChatPath in constructing or including remote content; however, this has been disputed b...

phpMyChat-0.14.5

----------------------------------------------------------------------------------------------------------------------------------------------------------- Script Name : phpMyChat-0.14.5 Download : http://www.easy-script.com/compt.php?id=1701 Coded by : KaRTaL Contact : k4rtalatgmaildotcom...

CVE-2006-7001

Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are obtained solely from...

CVE-2006-7001

Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are obtained solely from...

CVE-2006-7001

CVE-2006-7001 describes a directory traversal in PhpMyChat Plus 1.9 and earlier. The vulnerable component is the avatar.php handler, where an attacker can supply a "L" parameter containing ".." to read arbitrary files on the server. This mirrors the established issue family in PhpMyChat Plus 1.9 ...

CVE-2006-5898

Directory traversal vulnerability in localization/languages.lib.php3 in PhpMyChat 0.14.5 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the ChatPath parameter...

CVE-2006-5897

Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and earlier allow remote attackers to read arbitrary files via a .. dot dot in the ChatPath parameter to 1 avatar.php, 2 colorhelppopup.php, 3 colorpopup.php, 4 index.php, 5 index1.php, 6 lib/connectedusers.lib.php, 7...

CVE-2006-5897

Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and earlier allow remote attackers to read arbitrary files via a .. dot dot in the ChatPath parameter to 1 avatar.php, 2 colorhelppopup.php, 3 colorpopup.php, 4 index.php, 5 index1.php, 6 lib/connectedusers.lib.php, 7...

CVE-2006-5898

Directory traversal vulnerability in localization/languages.lib.php3 in PhpMyChat 0.14.5 and earlier allows remote attackers to read arbitrary files via a .. dot dot in the ChatPath parameter...

CVE-2006-5897

CVE-2006-5897 affects PhpMyChat Plus 1.9 and earlier, with multiple directory-traversal paths exposed via ChatPath (to avatar.php, colorhelp_popup.php, color_popup.php, index.php, index1.php, lib/connected_users.lib.php, lib/index.lib.php, phpMyChat.php3) and the L parameter to logs.php. The unde...