CVE-2006-6995

V3 Chat - Authenticated Privilege Escalation via Membername Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6995. PoCs published by Luny.

AI-analyzed exploit summary The provided text describes multiple cross-site scripting (XSS) and SQL injection vulnerabilities in V3 Chat Instant Messenger due to improper input sanitization. It outlines potential attack vectors but does not include functional exploit code.

Description

mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Luny · textwebappsphp
https://www.exploit-db.com/exploits/28075

The provided text describes multiple cross-site scripting (XSS) and SQL injection vulnerabilities in V3 Chat Instant Messenger due to improper input sanitization. It outlines potential attack vectors but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Xss | Sqli
Complexity
Trivial
Reliability
Theoretical
Target: V3 Chat Instant Messenger
No auth needed
Prerequisites: Access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18543
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/437755/100/200/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2474

Scores

EPSS 0.0154
EPSS Percentile 71.6%

Details

Status published
Products (1)
v3_chat/v3chat_instant_messenger
Published Feb 12, 2007
Tracked Since Feb 18, 2026