vendor:
phpFreeChat
by:
A. Pakbaz
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: phpFreeChat
Affected Version From: 1.7 and earlier
Affected Version To: 1.7 and earlier
Patch Exists: YES
Related CWE: CVE-2018-5954
CPE: a:phpfreechat:phpfreechat:1.7
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: None
2018
phpFreeChat 1.7 and earlier – Denial of Service
A Denial of Service vulnerability exists in phpFreeChat 1.7 and earlier. An attacker can send a specially crafted request to the vulnerable server to cause a denial of service. This vulnerability is caused due to an error in the handling of the 'cmd' parameter in the 'handleRequest' function in 'index.php', which can be exploited to cause a denial of service.
Mitigation:
Upgrade to the latest version of phpFreeChat.