3 matches found
CVE-2019-19908
CVE-2019-19908 concerns phpMyChat-Plus 1.98, with a reflected XSS in the password reset flow. The vulnerability is triggered via the pmc_username parameter in pass_reset.php, allowing an attacker to inject JavaScript that runs in the victim’s browser. This could potentially lead to session hijack...
CVE-2020-9265
CVE-2020-9265 affects phpMyChat-Plus 1.98, where the deluser.php Delete User functionality is vulnerable to multiple SQL injections due to insufficient input validation in the database queries. The vulnerability is demonstrated by pmc_username, with CVSSv3.1/2.0 scores indicating HIGH to CRITICAL...
CVE-2020-37151
CVE-2020-37151 affects PHPMyChat Plus 1.98, with a SQL injection in deluser.php via the pmc_username parameter. The root cause is improper handling of user input in the deluser.php code, enabling attackers to craft payloads that perform boolean-based, error-based, and time-based blind SQL injecti...