Filtered by vendor Ciprianmp
Subscriptions
Filtered by product Phpmychat-plus
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-37151 | 1 Ciprianmp | 1 Phpmychat-plus | 2026-02-06 | 8.2 High |
| phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database information by crafting malicious payloads in the username field. | ||||
| CVE-2020-9265 | 1 Ciprianmp | 1 Phpmychat-plus | 2024-11-21 | 8.2 High |
| phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username. | ||||
| CVE-2019-19908 | 1 Ciprianmp | 1 Phpmychat-plus | 2024-11-21 | 6.1 Medium |
| phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable. | ||||
Page 1 of 1.