HEX

3 exploits Active since Dec 2004
CVE-2004-2717 EXPLOITDB text WRITEUP
PHPMyChat 0.14.5 - Authenticated Path Traversal via Sheet or What Parameter
Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters.
CVE-2004-2715 EXPLOITDB html WORKING POC
PHPMyChat 0.14.5 - Improper Authentication via do_not_login Parameter
edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.
CVE-2004-2716 EXPLOITDB text WRITEUP
PHPMyChat 0.14.5 - SQL Injection via usersL.php3 Parameters
Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters.