vendor:
PHP Live! Chat
by:
v3n0m
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHP Live! Chat
Affected Version From: 3.3
Affected Version To: 3.3
Patch Exists: NO
Related CWE: N/A
CPE: a:phplivesupport:phplive
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
PHP Live! 3.3 (deptid) Remote SQL Injection
A remote SQL injection vulnerability exists in PHP Live! Chat v3.3. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords. The vulnerability is due to insufficient sanitization of user-supplied input in the 'deptid' parameter of the 'message_box.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to the database and extraction of sensitive information.
Mitigation:
Input validation should be used to ensure that user-supplied input is properly sanitized before being used in SQL statements.