Vulnerabilities > CVE-2006-1669 - SQL Injection vulnerability in PHPheaven PHPmychat 0.14.4

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

phpheaven

exploit available

NVD

Published: 2006-04-07

Updated: 2018-10-18

Summary

SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can be leveraged to execute arbitrary shell commands since the username is later processed in an eval() call, but since the username originated from the SQL injection, it could be a resultant issue.

Vulnerable Configurations

Part	Description	Count
Application	Phpheaven Phpheaven Phpmychat 0.14.4 Phpheaven Phpmychat *	2

Exploit-Db

id	EDB-ID:1646

References

http://securitytracker.com/id?1015873
http://www.securityfocus.com/archive/1/430358/100/0/threaded
http://www.securityfocus.com/bid/17382
https://exchange.xforce.ibmcloud.com/vulnerabilities/25687
https://www.exploit-db.com/exploits/1646