CVE-2020-37151

Name of the Vulnerable Software and Affected Versions phpMyChat Plus version 1.98

Description The software contains a SQL injection issue in the 'deluser.php' page. This allows manipulation of database queries through the pmc username parameter. Attackers can use boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database information by crafting malicious payloads in the username field.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.