MyChat Plus Multiple Vulnerabilities Network Vulnerability

Summary

This host is running MyChat Plus and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow attacker to cause SQL Injection attack, gain sensitive information about the database used by the web application or can cause arbitrary code execution inside the context of the web application. Impact Level: Application

Solution

Upgrade to version 1.94 or later, For updates refer to http://sourceforge.net/projects/phpmychat

Insight

The flaws are due to: - Improper sanitization of user supplied input through the 'CookieUsername' and 'CookieStatus' parameter in Cookie. - Improper sanitization of user supplied input through the 'pmc_password' parameter in a printable action to avatar.php.

Affected

phpMyChat Plus version 1.93

References

http://www.exploit-db.com/exploits/17213/
http://www.l33thackers.com/Thread-webapps-phpMyChat-Plus-1-93-Multiple-Vulnerabilities

Updated on 2017-03-28

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache CouchDB Cross Site Request Forgery Vulnerability
Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
An Image Gallery Multiple Cross-Site Scripting Vulnerability
Apache Tomcat DOS Device Name XSS
Advanced Image Hosting Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities