Phpmychat Plus

phpmychat-plus

Vendor: Ciprianmp • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-37151 1Ciprianmp 1Phpmychat Plus Feb 20, 2026 Feb 5, 2026 8.8 HIGH· v4 7.5 HIGH· v3 N/A· v2 phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based...Show more phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database information by crafting malicious payloads in the username field.Show less
CVE-2020-9265 1Ciprianmp 1Phpmychat Plus Nov 21, 2024 Feb 18, 2020 N/A· v4 8.2 HIGH· v3 6.4 MEDIUM· v2 phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username.
CVE-2019-19908 1Ciprianmp 1Phpmychat Plus Nov 21, 2024 Dec 20, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.