PT-2004-3607 · Phpmychat · Phpmychat
Published
2004-12-31
·
Updated
2009-04-03
·
CVE-2004-2717
CVSS v2.0
2.6
Low
| Vector | AV:N/AC:H/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
PHPMyChat version 0.14.5
Description
The issue concerns directory traversal vulnerabilities in the admin.php3 file of PHPMyChat. These vulnerabilities allow remote attackers with administrative privileges to read arbitrary files. This is achieved by including a .. (dot dot) in the
sheet and What parameters.Recommendations
For PHPMyChat version 0.14.5, consider restricting access to the admin.php3 file until a patch is available, and avoid using the
sheet and What parameters with untrusted input.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phpmychat