CVE-2007-6297

CVE-2007-6297 details multiple XSS vulnerabilities in PHPMyChat (0.14.5/0.14.6) that allow remote attackers to inject arbitrary script/html via parameters: LIMIT (chat/deluser.php3), Link (chat/edituser.php3), and LastCheck or B (chat/users_popupL.php3). The entry notes related vectors (FontName ...

CVE-2004-2718

PHPMyChat 0.14.5 is affected by CVE-2004-2718: an issue where setup.php3 is not removed or protected after installation, allowing direct requests to reveal sensitive information such as database passwords. Impact is partial confidentiality loss as described; no exploitation details or active expl...

CVE-2004-2715

CVE-2004-2715 affects PHPMyChat 0.14.5 where edituser.php3 allows remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false. The root cause is a parameter-based authentication bypass in the admin workflow, enabling escalation of pr...

CVE-2004-2716

CVE-2004-2716 describes multiple SQL injection vulnerabilities in PHPMyChat 0.14.5’s usersL.php3, allowing remote attackers to execute arbitrary SQL commands via parameters (sortBy, sortOrder, startReg, U, LastCheck, R). The underlying issue is unsafely constructed SQL queries in that script, ena...

CVE-2004-2717

Technical details for CVE-2004-2717 are not publicly available in the provided documents; monitor for updates from Vulners and related advisories.