CVE-2018-5954
HIGHphpfreechat < 1.7 - Denial of Service via Excessive Connect Commands
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2018-5954. PoCs published by A. Pakbaz.
AI-analyzed exploit summary This exploit targets phpFreeChat 1.7 and earlier, causing a Denial of Service (DoS) by flooding the server with POST requests. It uses multiple concurrent connections to overwhelm the target system.
Description
phpFreeChat 1.7 and earlier allows remote attackers to cause a denial of service by sending a large number of connect commands.
Exploits (1)
exploitdb
WORKING POC
by A. Pakbaz · phpdosphp
https://www.exploit-db.com/exploits/43852
This exploit targets phpFreeChat 1.7 and earlier, causing a Denial of Service (DoS) by flooding the server with POST requests. It uses multiple concurrent connections to overwhelm the target system.
Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target:
phpFreeChat 1.7 and earlier
No auth needed
Prerequisites:
Access to the target server's URL · cURL installed on the attacker's machine
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/43852/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/146037/PHPFreeChat-1.7-Denial-Of-Service.html
Scores
CVSS v3
7.5
EPSS
0.0910
EPSS Percentile
94.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (1)
phpfreechat/phpfreechat
< 1.7
Published
Jan 25, 2018
Tracked Since
Feb 18, 2026