Vulnerabilities > CVE-2006-1669 - Unspecified vulnerability in PHPheaven PHPmychat 0.14.4

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

phpheaven

exploit available

NVD

Published: 2006-04-07

Updated: 2024-11-21

Summary

SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can be leveraged to execute arbitrary shell commands since the username is later processed in an eval() call, but since the username originated from the SQL injection, it could be a resultant issue.

Vulnerable Configurations

Part	Description	Count
Application	Phpheaven Phpheaven Phpmychat 0.14.4 Phpheaven Phpmychat *	2

Exploit-Db

id	EDB-ID:1646

References

http://securitytracker.com/id?1015873
http://securitytracker.com/id?1015873
http://www.securityfocus.com/archive/1/430358/100/0/threaded
http://www.securityfocus.com/archive/1/430358/100/0/threaded
http://www.securityfocus.com/bid/17382
http://www.securityfocus.com/bid/17382
https://exchange.xforce.ibmcloud.com/vulnerabilities/25687
https://exchange.xforce.ibmcloud.com/vulnerabilities/25687
https://www.exploit-db.com/exploits/1646
https://www.exploit-db.com/exploits/1646