8 matches found
CVE-2001-1357
CVE-2001-1357 affects phpMyChat prior to 0.14.5. Vulnerabilities are in three PHP files: input.php3, handle_inputH.php3, and index.lib.php3. The description notes unknown consequences with possible user spoofing or improperly initialized variables; no concrete impact or exploit details are provid...
CVE-2005-1619
PHPMyChat 0.14.5 is affected by multiple XSS vulnerabilities in start_page.css.php3 and style.css.php3, exploitable via the FontName parameter to inject arbitrary script/HTML. The issue is documented as CVE-2005-1619; notes indicate 0.14.5 is affected. Affected components are the PHPMyChat front-...
CVE-2005-3991
PHPMyChat 0.14.6 is affected by multiple XSS vulnerabilities. Attackers can inject arbitrary script/HTML via the medium parameter to start_page.css.php and style.css.php, or the From parameter to users_popupL.php. The root cause is lack of input sanitization in these parameters. Impact is remote ...
CVE-2008-1504
The CVE-2008-1504 entry concerns a Cross-site Scripting (XSS) vulnerability in the setup.php3 component of phpHeaven phpMyChat 0.14.5. The issue is triggered by untrusted input in the Lang parameter, allowing remote attackers to inject arbitrary web-script/HTML. The description and references ind...
CVE-2006-1669
The CVE-2006-1669 entry documents a SQL injection in phpHeaven Team PHPMyChat 0.14.5 and earlier, exploitable via the T parameter in chat/messagesL.php3. The underlying issue allows remote command execution as the username is later processed in an eval() call, and the username originates from the...
CVE-2006-5088
The connected documents confirm a PHP remote file inclusion in phpMyChat 0.1, specifically in connected_users.lib.php3, exploitable by supplying a URL in the ChatPath parameter to run arbitrary PHP code. The PT-2006-5826 entry reiterates the affected software and suggests restricting access to th...
CVE-2001-1358
phpMyChat prior to version 0.14.4 is affected by a local privilege escalation (and potentially remote) via a crafted L (localization) parameter that allows an alternate library file to be loaded, enabling attackers to gain privileges. The description explicitly identifies the vulnerable component...
CVE-2006-5898
CVE-2006-5898 describes a directory traversal vulnerability in PhpMyChat (versions up to 0.14.5) affecting the localization/languages.lib.php3 component. An attacker can supply a ".." sequence in the ChatPath parameter to read arbitrary files on the server. The issue arises from improper validat...