CVE-2006-1669

phpHeaven Team PHPMyChat <0.14.5 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can be leveraged to execute arbitrary shell commands since the username is later processed in an eval() call, but since the username originated from the SQL injection, it could be a resultant issue.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1646

View Code ZIP pw:eip

References (5)

[Exploit] http://www.securityfocus.com/bid/17382

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/430358/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/1646

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/25687

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1015873

Scores

EPSS 0.0094

EPSS Percentile 76.3%

Details

Status published

Products (2)

phpheaven/phpmychat 0.14.4

phpheaven/phpmychat < 0.14.5

Published Apr 07, 2006

Tracked Since Feb 18, 2026