CVE-2004-2717

PHPMyChat 0.14.5 - Authenticated Path Traversal via Sheet or What Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2717. PoCs published by HEX.

AI-analyzed exploit summary The writeup describes multiple vulnerabilities in phpMyChat, including HTML injection, SQL injection, authentication bypass, and file disclosure via directory traversal. It provides example URIs for exploiting the file disclosure vulnerability but does not include executable exploit code.

Description

Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) What parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED
by HEX · textwebappsphp
https://www.exploit-db.com/exploits/24217

The writeup describes multiple vulnerabilities in phpMyChat, including HTML injection, SQL injection, authentication bypass, and file disclosure via directory traversal. It provides example URIs for exploiting the file disclosure vulnerability but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Info Leak | Auth Bypass | Sqli | Xss
Complexity
Trivial
Reliability
Theoretical
Target: phpHeaven phpMyChat
Auth required
Prerequisites: access to the target application · valid credentials for admin functions in some cases
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11894
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10556
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2004-06/0252.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1010515
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/7150

Scores

EPSS 0.0240
EPSS Percentile 82.0%

Details

CWE
CWE-22
Status published
Products (1)
php_heaven/phpmychat 0.14.5
Published Dec 31, 2004
Tracked Since Feb 18, 2026