Vulnerabilities > PHP Heaven

DATE CVE VULNERABILITY TITLE RISK
2007-12-10 CVE-2007-6297 Cross-Site Scripting vulnerability in PHP Heaven PHPmychat 0.14.5
Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3.
network
php-heaven CWE-79
4.3
2004-12-31 CVE-2004-2718 Permissions, Privileges, and Access Controls vulnerability in PHP Heaven PHPmychat 0.14.5
PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.
4.3
2004-12-31 CVE-2004-2717 Path Traversal vulnerability in PHP Heaven PHPmychat 0.14.5
Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a ..
network
high complexity
php-heaven CWE-22
2.6
2004-12-31 CVE-2004-2716 SQL Injection vulnerability in PHP Heaven PHPmychat 0.14.5
Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters.
network
low complexity
php-heaven CWE-89
7.5
2004-12-31 CVE-2004-2715 Improper Authentication vulnerability in PHP Heaven PHPmychat 0.14.5
edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.
network
low complexity
php-heaven CWE-287
7.5