Vulnerabilities > PHP Heaven
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-12-10 | CVE-2007-6297 | Cross-Site Scripting vulnerability in PHP Heaven PHPmychat 0.14.5: Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. | 4.3 |
2004-12-31 | CVE-2004-2718 | Permissions, Privileges, and Access Controls vulnerability in PHP Heaven PHPmychat 0.14.5: PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request. | 4.3 |
2004-12-31 | CVE-2004-2717 | Path Traversal vulnerability in PHP Heaven PHPmychat 0.14.5: Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. | 2.6 |
2004-12-31 | CVE-2004-2716 | SQL Injection vulnerability in PHP Heaven PHPmychat 0.14.5: Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck, and (6) R parameters. | 7.5 |
2004-12-31 | CVE-2004-2715 | Improper Authentication vulnerability in PHP Heaven PHPmychat 0.14.5: edituser.php3 in PHPMyChat 0.14.5 allows remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false. | 7.5 |