CVE-2004-2716

Name of the Vulnerable Software and Affected Versions PHPMyChat version 0.14.5

Description The issue concerns SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerable parameters are sortBy, sortOrder, startReg, U, LastCheck, and R.

Recommendations For PHPMyChat version 0.14.5, consider restricting access to the usersL.php3 file until a patch is available. As a temporary workaround, avoid using the parameters sortBy, sortOrder, startReg, U, LastCheck, and R in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.