← Back

Phpmychat

phpmychat

Vendor: Php Heaven • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2007-6297
1Php Heaven
1Phpmychat
Apr 23, 2026
Dec 10, 2007
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/editu...Show more
Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.css.php), and the From vector for users_popupL.php3 (users_popupL.php), are already covered by CVE-2005-3991.Show less
CVE-2004-2718
1Php Heaven
1Phpmychat
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
4.3 MEDIUM· v2
PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.
CVE-2004-2717
1Php Heaven
1Phpmychat
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
2.6 LOW· v2
Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters.
CVE-2004-2716
1Php Heaven
1Phpmychat
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R paramet...Show more
Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters.Show less
CVE-2004-2715
1Php Heaven
1Phpmychat
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.